CVE-2010-0188Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2012-0507Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2012-1723Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2013-0074Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability." |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2013-2465Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2013-2471Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks." |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2013-2551Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2013-2883Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object. |
Severity | HIGH |
Base Score | 7.5 |
Impact Score | 6.4 |
Exploit Score | 10.0 |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2013-7331The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. |
Severity | MEDIUM |
Base Score | 5.8 |
Impact Score | 4.9 |
Exploit Score | 8.6 |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2014-0515Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2014-0556Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2014-8439Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2015-0311Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2015-0336Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|