CVE Daily
← All years

Uncategorized 2015

Page 2/23.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2015-12-11
Medium

CVE-2015-7042

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-20…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-7041

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-20…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-7040

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-20…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-7001

AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.

CVSS: 6.8CWE: CWE-264
Read more
2015-12-10
Critical

CVE-2015-8456

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-8454

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8452

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8450

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-8449

Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-8448

Use-after-free vulnerability in the DisplacementMapFilter object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-8447

Use-after-free vulnerability in the Color object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-8445

Integer overflow in the Shader filter implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2015-8442

Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-8441

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8440

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe…

CVSS: 10.0CWE: CWE-264
Read more
Critical

CVE-2015-8439

The SharedObject object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, A…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-8437

Use-after-free vulnerability in the Selection object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-8436

Use-after-free vulnerability in the PrintJob object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Ad…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-8435

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8434

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8433

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8432

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8431

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8430

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8429

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8428

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8427

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8426

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8425

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8424

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8423

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8422

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8421

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8420

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8414

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8413

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8412

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8411

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8410

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8409

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8406

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8405

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8404

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8403

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8402

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8401

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8071

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8070

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8069

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8068

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8067

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8066

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8065

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8064

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8063

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8062

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8061

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8059

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8058

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-8057

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8056

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8055

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8050

Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-8049

Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-8048

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 10.0CWE: N/A
Read more
2015-12-09
High

CVE-2015-6175

The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability."

CVSS: 7.8CWE: N/A
Read more
High

CVE-2015-6174

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2015-6173

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2015-6171

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2015-6170

Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability."

CVSS: 6.8CWE: CWE-264
Read more
Critical

CVE-2015-6139

Microsoft Internet Explorer 11 and Microsoft Edge mishandle content types, which allows remote attackers to execute arbitrary web script in a privileged context via a crafted web site, aka "Microsoft…

CVSS: 9.3CWE: CWE-264
Read more
High

CVE-2015-6133

Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a c…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2015-6132

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandl…

CVSS: 7.2CWE: CWE-264
Read more
Critical

CVE-2015-6130

Integer underflow in Uniscribe in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows remote attackers to execute arbitrary code via a crafted font, aka "Windows Integer Underflow Vulnerabi…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2015-6125

Use-after-free vulnerability in the DNS server in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka…

CVSS: 9.3CWE: N/A
Read more
2015-12-08
Critical

CVE-2015-6623

Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703.

CVSS: 9.3CWE: CWE-264
Read more
Critical

CVE-2015-6621

SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access…

CVSS: 9.3CWE: CWE-264
Read more
Critical

CVE-2015-6620

libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem acce…

CVSS: 9.3CWE: CWE-264
Read more
Critical

CVE-2015-6619

The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714.

CVSS: 9.3CWE: CWE-264
Read more
Medium

CVE-2015-6618

Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992.

CVSS: 4.3CWE: CWE-254
Read more
2015-12-07
Low

CVE-2015-8482

Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disabl…

CVSS: 2.1CWE: CWE-264
Read more
High

CVE-2015-8125

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2015-8124

Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a sess…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-5309

Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters…

CVSS: 4.3CWE: CWE-189
Read more
Critical

CVE-2015-3628

The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6…

CVSS: 9.0CWE: CWE-264
Read more
High

CVE-2015-3276

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2015-1344

The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file.

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2015-1342

LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.

CVSS: 4.6CWE: CWE-264
Read more
2015-12-06
Medium

CVE-2015-1794

The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-He…

CVSS: 5.0CWE: CWE-189
Read more
High

CVE-2015-8478

Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknow…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2015-6787

Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2015-6786

The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:,…

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2015-6785

The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a…

CVSS: 4.3CWE: CWE-264
Read more
High

CVE-2015-6781

Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly…

CVSS: 7.5CWE: CWE-189
Read more
Medium

CVE-2015-6780

Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6779

PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document,…

CVSS: 4.3CWE: CWE-264
Read more
High

CVE-2015-6777

Use-after-free vulnerability in the ContainerNode::notifyNodeInsertedInternal function in WebKit/Source/core/dom/ContainerNode.cpp in the DOM implementation in Google Chrome before 47.0.2526.73 allow…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2015-6775

fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2015-6774

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2015-6772

The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2015-6770

The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768.

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2015-6769

The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveragin…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2015-6768

The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770.

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2015-6767

Use-after-free vulnerability in content/browser/appcache/appcache_dispatcher_host.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of s…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2015-6766

Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2015-6765

Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote attackers to execute arbitrary code or cause a denial of service by…

CVSS: 10.0CWE: N/A
Read more
2015-12-05
Medium

CVE-2015-6394

The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408.

CVSS: 4.9CWE: CWE-399
Read more
High

CVE-2015-6391

Cisco Unified SIP 3905 phones allow remote attackers to cause a denial of service (resource consumption and functionality loss) via a large amount of network traffic, aka Bug ID CSCuh51331.

CVSS: 7.8CWE: CWE-399
Read more
Medium

CVE-2015-6388

Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2015-6384

The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted applic…

CVSS: 4.3CWE: CWE-264
Read more
2015-12-03
High

CVE-2015-8078

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks…

CVSS: 7.5CWE: CWE-189
Read more
High

CVE-2015-8077

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks…

CVSS: 7.5CWE: CWE-189
Read more
Medium

CVE-2015-5245

CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2015-0860

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrar…

CVSS: 7.5CWE: CWE-189
Read more
High

CVE-2015-0859

The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cg…

CVSS: 7.5CWE: CWE-17
Read more
High

CVE-2015-6383

Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter craf…

CVSS: 7.2CWE: CWE-264
Read more
2015-12-02
High

CVE-2015-2328

PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have…

CVSS: 7.5CWE: CWE-19
Read more
2015-12-01
Medium

CVE-2015-6386

The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions…

CVSS: 5.0CWE: CWE-399
Read more
2015-11-27
Critical

CVE-2015-8214

A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-…

CVSS: 9.7CWE: CWE-264
Read more
2015-11-26
Medium

CVE-2015-8364

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-o…

CVSS: 6.8CWE: CWE-189
Read more
>