The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2015-6107 | The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10 Gold and 1511, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka Graphics Memory Corruption Vulnerability. | High | Dec 9, 2015 |
| CVE-2015-6106 | The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka Graphics Memory Corruption Vulnerability. | High | Dec 9, 2015 |
| CVE-2015-6105 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6104 | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka Windows Graphics Memory Remote Code Execution Vulnerability, a different vulnerability than CVE-2015-6103. | HIGH | Nov 11, 2015 |
| CVE-2015-6103 | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka Windows Graphics Memory Remote Code Execution Vulnerability, a different vulnerability than CVE-2015-6104. | HIGH | Nov 11, 2015 |
| CVE-2015-6102 | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka Windows Kernel Memory Information Disclosure Vulnerability. | LOW | Nov 11, 2015 |
| CVE-2015-6101 | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka Windows Kernel Memory Elevation of Privilege Vulnerability, a different vulnerability than CVE-2015-6100. | HIGH | Nov 11, 2015 |
| CVE-2015-6100 | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka Windows Kernel Memory Elevation of Privilege Vulnerability, a different vulnerability than CVE-2015-6101. | HIGH | Nov 11, 2015 |
| CVE-2015-6099 | Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka .NET Elevation of Privilege Vulnerability. | MEDIUM | Nov 11, 2015 |
| CVE-2015-6098 | Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka Windows NDIS Elevation of Privilege Vulnerability. | HIGH | Nov 11, 2015 |
| CVE-2015-6097 | Heap-based buffer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted Journal (.jnt) file, aka Windows Journal Heap Overflow Vulnerability. | HIGH | Nov 11, 2015 |
| CVE-2015-6096 | The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka .NET Information Disclosure Vulnerability. | MEDIUM | Nov 11, 2015 |
| CVE-2015-6095 | Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles password changes, which allows physically proximate attackers to bypass authentication, and conduct decryption attacks against certain BitLocker configurations, by connecting to an unintended Key Distribution Center (KDC), aka Windows Kerberos Security Feature Bypass. | MEDIUM | Nov 11, 2015 |
| CVE-2015-6094 | Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka Microsoft Office Memory Corruption Vulnerability. | HIGH | Nov 11, 2015 |
| CVE-2015-6093 | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka Microsoft Office Memory Corruption Vulnerability. | HIGH | Nov 11, 2015 |
| CVE-2015-6092 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka Microsoft Office Memory Corruption Vulnerability. | HIGH | Nov 11, 2015 |
| CVE-2015-6091 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka Microsoft Office Memory Corruption Vulnerability. | HIGH | Nov 11, 2015 |
| CVE-2015-6090 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6089 | The Microsoft (1) VBScript and (2) JScript engines, as used in Internet Explorer 8 through 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Scripting Engine Memory Corruption Vulnerability. | HIGH | Nov 11, 2015 |
| CVE-2015-6088 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka Microsoft Browser ASLR Bypass. | MEDIUM | Nov 11, 2015 |
| CVE-2015-6087 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, and CVE-2015-6076. | HIGH | Nov 11, 2015 |
| CVE-2015-6086 | Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka Internet Explorer Information Disclosure Vulnerability. | MEDIUM | Nov 11, 2015 |
| CVE-2015-6085 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6064 and CVE-2015-6084. | HIGH | Nov 11, 2015 |
| CVE-2015-6084 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6064 and CVE-2015-6085. | HIGH | Nov 11, 2015 |
| CVE-2015-6083 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6151. | High | Dec 9, 2015 |
| CVE-2015-6082 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, and CVE-2015-6080. | HIGH | Nov 11, 2015 |
| CVE-2015-6081 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6069. | HIGH | Nov 11, 2015 |
| CVE-2015-6080 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, and CVE-2015-6082. | HIGH | Nov 11, 2015 |
| CVE-2015-6079 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6080, and CVE-2015-6082. | HIGH | Nov 11, 2015 |
| CVE-2015-6078 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Microsoft Browser Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6065. | HIGH | Nov 11, 2015 |
| CVE-2015-6077 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082. | HIGH | Nov 11, 2015 |
| CVE-2015-6076 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, and CVE-2015-6087. | HIGH | Nov 11, 2015 |
| CVE-2015-6075 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6077, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082. | HIGH | Nov 11, 2015 |
| CVE-2015-6074 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6076, and CVE-2015-6087. | HIGH | Nov 11, 2015 |
| CVE-2015-6073 | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Microsoft Browser Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082. | HIGH | Nov 11, 2015 |
| CVE-2015-6072 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6068, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082. | HIGH | Nov 11, 2015 |
| CVE-2015-6071 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6074, CVE-2015-6076, and CVE-2015-6087. | HIGH | Nov 11, 2015 |
| CVE-2015-6070 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6066, CVE-2015-6071, CVE-2015-6074, CVE-2015-6076, and CVE-2015-6087. | HIGH | Nov 11, 2015 |
| CVE-2015-6069 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6081. | HIGH | Nov 11, 2015 |
| CVE-2015-6068 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082. | HIGH | Nov 11, 2015 |
| CVE-2015-6067 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6066 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, CVE-2015-6076, and CVE-2015-6087. | HIGH | Nov 11, 2015 |
| CVE-2015-6065 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6078. | HIGH | Nov 11, 2015 |
| CVE-2015-6064 | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Microsoft Browser Memory Corruption Vulnerability, a different vulnerability than CVE-2015-6084 and CVE-2015-6085. | HIGH | Nov 11, 2015 |
| CVE-2015-6063 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6062 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6061 | Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka Server Input Validation Information Disclosure Vulnerability. | MEDIUM | Nov 11, 2015 |
| CVE-2015-6060 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6059 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka Scripting Engine Information Disclosure Vulnerability. | MEDIUM | Oct 13, 2015 |
| CVE-2015-6058 | Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka Microsoft Edge XSS Filter Bypass. | MEDIUM | Oct 13, 2015 |
