Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2015-05-13 CVE-2015-1671 Unspecified vulnerability in Microsoft products
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
local
low complexity
microsoft
7.8
2015-04-22 CVE-2015-3035 Path Traversal vulnerability in Tp-Link products
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a ..
network
low complexity
tp-link CWE-22
7.5
2015-04-21 CVE-2015-1701 Unspecified vulnerability in Microsoft products
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
local
low complexity
microsoft
7.8
2015-04-18 CVE-2015-0970 Cross-Site Request Forgery (CSRF) vulnerability in Searchblox
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
searchblox CWE-352
8.8
2015-04-14 CVE-2015-1641 Out-of-bounds Write vulnerability in Microsoft products
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-787
7.8
2015-04-10 CVE-2015-1098 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
local
low complexity
apple CWE-119
7.3
2015-01-13 CVE-2015-0016 Path Traversal vulnerability in Microsoft products
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-22
7.8
2015-01-13 CVE-2014-100005 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-600 Firmware 2.16Ww
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev.
network
low complexity
dlink CWE-352
8.8
2014-12-17 CVE-2014-9322 Improper Privilege Management vulnerability in multiple products
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
7.8
2014-12-05 CVE-2014-7255 Resource Exhaustion vulnerability in IIJ products
Internet Initiative Japan Inc.
network
low complexity
iij CWE-400
7.5