CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12401 CVE-2015-6145 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6146.
12402 CVE-2015-6146 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6145.
12403 CVE-2015-6147 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6149.
12404 CVE-2015-6148 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6156.
12405 CVE-2015-6149 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6147.
12406 CVE-2015-6150 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6154.
12407 CVE-2015-6151 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6083.
12408 CVE-2015-6152 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6162.
12409 CVE-2015-6153 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6158, CVE-2015-6159, and CVE-2015-6160.
12410 CVE-2015-6154 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6150.
12411 CVE-2015-6155 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
12412 CVE-2015-6156 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6148.
12413 CVE-2015-6158 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6159, and CVE-2015-6160.
12414 CVE-2015-6159 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158, and CVE-2015-6160.
12415 CVE-2015-6160 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158, and CVE-2015-6159.
12416 CVE-2015-6162 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6152.
12417 CVE-2015-6166 119 DoS Exec Code Overflow 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read or write access) via unspecified open and close requests, aka "Microsoft Silverlight RCE Vulnerability."
12418 CVE-2015-6168 119 DoS Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6153.
12419 CVE-2015-6172 20 Exec Code 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability."
12420 CVE-2015-6177 119 Exec Code Overflow Mem. Corr. 2015-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
12421 CVE-2015-6184 DoS Exec Code Mem. Corr. 2016-03-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed Cascading Style Sheets (CSS) token sequence in conjunction with modifications to HTML elements, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6048 and CVE-2015-6049.
12422 CVE-2015-6280 287 2015-09-27 2017-01-04
9.3
None Remote Medium Not required Complete Complete Complete
The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013.
12423 CVE-2015-6467 Exec Code 2016-01-14 2016-01-20
9.3
None Remote Medium Not required Complete Complete Complete
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.
12424 CVE-2015-6531 94 Exec Code 2017-06-01 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file.
12425 CVE-2015-6596 264 +Priv 2015-10-06 2015-10-07
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.
12426 CVE-2015-6602 20 Exec Code 2015-10-01 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
12427 CVE-2015-6606 264 +Priv 2015-10-06 2015-10-07
9.3
None Remote Medium Not required Complete Complete Complete
The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786.
12428 CVE-2015-6610 119 DoS Overflow +Priv Mem. Corr. 2015-11-03 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.
12429 CVE-2015-6612 264 +Priv 2015-11-03 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.
12430 CVE-2015-6616 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and 23882800, a different vulnerability than CVE-2015-8505, CVE-2015-8506, and CVE-2015-8507.
12431 CVE-2015-6617 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740.
12432 CVE-2015-6619 264 +Priv 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714.
12433 CVE-2015-6620 264 +Priv 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127.
12434 CVE-2015-6621 264 +Priv 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438.
12435 CVE-2015-6623 264 +Priv 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703.
12436 CVE-2015-6633 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307.
12437 CVE-2015-6634 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.
12438 CVE-2015-6637 264 +Priv 2016-01-06 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
12439 CVE-2015-6638 264 +Priv 2016-01-06 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
12440 CVE-2015-6639 264 +Priv 2016-01-06 2017-09-06
9.3
None Remote Medium Not required Complete Complete Complete
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
12441 CVE-2015-6640 264 DoS +Priv 2016-01-06 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123.
12442 CVE-2015-6647 264 +Priv 2016-01-06 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
12443 CVE-2015-6685 119 DoS Exec Code Overflow Mem. Corr. 2015-10-14 2016-12-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) by using the Format action for unspecified fields, a different vulnerability than CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622.
12444 CVE-2015-6686 119 DoS Exec Code Overflow Mem. Corr. 2015-10-14 2016-12-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted set of fields, a different vulnerability than CVE-2015-6685, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622.
12445 CVE-2015-6688 Exec Code 2015-10-14 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted Optional Content Groups (OCG) object in a WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.
12446 CVE-2015-6689 Exec Code 2015-10-14 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.
12447 CVE-2015-6690 416 Exec Code 2015-10-14 2016-12-09
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the popUpMenuEx method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.
12448 CVE-2015-6693 119 DoS Exec Code Overflow Mem. Corr. 2015-10-14 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
The signatureSetSeedValue method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted arguments, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622.
12449 CVE-2015-6694 119 DoS Exec Code Overflow Mem. Corr. 2015-10-14 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted use of the fillColor attribute, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6695, and CVE-2015-7622.
12450 CVE-2015-6695 119 DoS Exec Code Overflow Mem. Corr. 2015-10-14 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted use of the value attribute, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, and CVE-2015-7622.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.