CVE-2015-5477

Public exploit
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
Max CVSS
7.8
EPSS Score
97.24%
Published
2015-07-29
Updated
2017-11-10

CVE-2015-5453

Public exploit
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.
Max CVSS
6.5
EPSS Score
2.60%
Published
2015-07-08
Updated
2016-11-28

CVE-2015-5371

Public exploit
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.
Max CVSS
10.0
EPSS Score
97.35%
Published
2015-07-06
Updated
2016-11-28

CVE-2015-5122

Known exploited
Public exploit
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
Max CVSS
10.0
EPSS Score
97.31%
Published
2015-07-14
Updated
2023-05-08
CISA KEV Added
2022-04-13

CVE-2015-5119

Known exploited
Public exploit
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
Max CVSS
10.0
EPSS Score
97.40%
Published
2015-07-08
Updated
2017-01-20
CISA KEV Added
2022-03-03

CVE-2015-3673

Public exploit
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.
Max CVSS
7.2
EPSS Score
0.05%
Published
2015-07-03
Updated
2017-09-22

CVE-2015-2426

Known exploited
Public exploit
Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."
Max CVSS
9.3
EPSS Score
97.38%
Published
2015-07-20
Updated
2019-05-15
CISA KEV Added
2022-03-28

CVE-2015-1793

Public exploit
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
Max CVSS
6.5
EPSS Score
14.15%
Published
2015-07-09
Updated
2018-11-30
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!