Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins · 1,619 critical or high severity · Source: CISA KEV + NVD
Critical CVE-2015-5119 Adobe · Flash Player Added Mar 3, 2022

Adobe Flash Player Use-After-Free Vulnerability

A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2015-4902 Oracle · Java SE Added Mar 3, 2022

Oracle Java SE Integrity Check Vulnerability

Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via unknown vectors related to deployment.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2015-3043 Adobe · Flash Player Added Mar 3, 2022

Adobe Flash Player Memory Corruption Vulnerability

A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2015-2590 Oracle · Java SE Added Mar 3, 2022

Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability

An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2015-2545 Microsoft · Office Added Mar 3, 2022

Microsoft Office Malformed EPS File Vulnerability

Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2015-2424 Microsoft · PowerPoint Added Mar 3, 2022

Microsoft PowerPoint Memory Corruption Vulnerability

Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2015-2387 Microsoft · ATM Font Driver Added Mar 3, 2022

Microsoft ATM Font Driver Privilege Escalation Vulnerability

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2015-1701 Microsoft · Win32k Added Mar 3, 2022

Microsoft Win32k Privilege Escalation Vulnerability

An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2015-1642 Microsoft · Office Added Mar 3, 2022

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2014-4114 Microsoft · Windows Added Mar 3, 2022

Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability

A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2014-0496 Adobe · Reader and Acrobat Added Mar 3, 2022

Adobe Reader and Acrobat Use-After-Free Vulnerability

Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-5065 Microsoft · Windows Added Mar 3, 2022

Microsoft Windows Kernel Privilege Escalation Vulnerability

Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-3897 Microsoft · Internet Explorer Added Mar 3, 2022

Microsoft Internet Explorer Use-After-Free Vulnerability

A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-3346 Adobe · Reader and Acrobat Added Mar 3, 2022

Adobe Reader and Acrobat Memory Corruption Vulnerability

Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-1675 Mozilla · Firefox Added Mar 3, 2022

Mozilla Firefox Information Disclosure Vulnerability

Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-1347 Microsoft · Internet Explorer Added Mar 3, 2022

Microsoft Internet Explorer Remote Code Execution Vulnerability

This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-0641 Adobe · Reader Added Mar 3, 2022

Adobe Reader Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-0640 Adobe · Reader and Acrobat Added Mar 3, 2022

Adobe Reader and Acrobat Memory Corruption Vulnerability

A memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-0632 Adobe · ColdFusion Added Mar 3, 2022

Adobe ColdFusion Authentication Bypass Vulnerability

An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2012-4681 Oracle · Java SE Added Mar 3, 2022

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

The Java Runtime Environment (JRE) component in Oracle Java SE allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2012-1856 Microsoft · Office Added Mar 3, 2022

Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2012-1723 Oracle · Java SE Added Mar 3, 2022

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2012-1535 Adobe · Flash Player Added Mar 3, 2022

Adobe Flash Player Arbitrary Code Execution Vulnerability

Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2012-0507 Oracle · Java SE Added Mar 3, 2022

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment that allows an attacker to remotely execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2011-3544 Oracle · Java SE JDK and JRE Added Mar 3, 2022

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment that allows an attacker to remotely execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
