CVSS: 5.3EPSS: 14%CPEs: 3EXPL: 0CVE-2015-6115
https://notcve.org/view.php?id=CVE-2015-6115
11 Nov 2015 — Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass." Microsoft .NET Framework 2.0 SP2, 3.5 y 3.5.1 permite a atacantes remotos eludir el mecanismo de protección ASLR a través de una página web manipulada, también conocida como '.NET ASLR Bypass'. • http://www.securitytracker.com/id/1034116 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 25%CPEs: 5EXPL: 1CVE-2015-6099 – Microsoft .NET Framework CVE-2015-6099 Analysis
https://notcve.org/view.php?id=CVE-2015-6099
11 Nov 2015 — Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability." Vulnerabilidad de XSS en ASP.NET en Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2 y 4.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado, también conocida como '.NET Elevation of Privilege Vulnerability'... • https://packetstorm.news/files/id/149225 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 25%CPEs: 8EXPL: 0CVE-2015-2504
https://notcve.org/view.php?id=CVE-2015-2504
09 Sep 2015 — Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability." Vulnerabilidad en Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 y 4.6, no cuenta adecuadamente los objetos ante... • http://www.securityfocus.com/bid/76560 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 18%CPEs: 4EXPL: 1CVE-2015-2526 – .NET MVC Denial of Service
https://notcve.org/view.php?id=CVE-2015-2526
09 Sep 2015 — Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka "MVC Denial of Service Vulnerability." Vulnerabilidad en Microsoft .NET Framework 4.5, 4.5.1, 4.5.2 y 4.6, permite a usuarios remotos causar una denegación de servicio a un sitio web ASP.NET a través de una petición manipulada, también conocida como 'MVC Denial of Service Vulnerability.' • https://packetstorm.news/files/id/133579 • CWE-17: DEPRECATED: Code •
CVSS: 9.3EPSS: 46%CPEs: 37EXPL: 2CVE-2015-2456 – Microsoft Windows - 'win32k.sys' TTF Font Processing win32k!scl_ApplyTranslation Pool-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2015-2456
15 Aug 2015 — Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerabi... • https://packetstorm.news/files/id/133189 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 50%CPEs: 17EXPL: 2CVE-2015-2460 – Microsoft Windows - 'ATMFD.dll' CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access
https://notcve.org/view.php?id=CVE-2015-2460
15 Aug 2015 — ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." Vulnerabilidad en ATMFD.DLL en Windows Adobe Type Manager Library en Microsoft Windows Vista SP2, Windo... • https://packetstorm.news/files/id/133195 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 46%CPEs: 29EXPL: 2CVE-2015-2462 – Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed FDSelect Offset in the CFF Table
https://notcve.org/view.php?id=CVE-2015-2462
15 Aug 2015 — ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." Vulnerabilidad en ATMFD.DLL en Windows Adobe Type Manager Library in Microsoft Windows Vist... • https://packetstorm.news/files/id/133200 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 43%CPEs: 35EXPL: 2CVE-2015-2463 – Microsoft Windows - 'win32k.sys' TTF Font Processing win32k!fsc_RemoveDups Out-of-Bounds Pool Memory Access
https://notcve.org/view.php?id=CVE-2015-2463
15 Aug 2015 — Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a dif... • https://packetstorm.news/files/id/133206 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 43%CPEs: 36EXPL: 2CVE-2015-2464 – Microsoft Windows - 'win32k.sys' TTF Font Processing win32k!fsc_BLTHoriz Out-of-Bounds Pool Write
https://notcve.org/view.php?id=CVE-2015-2464
15 Aug 2015 — Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a dif... • https://packetstorm.news/files/id/133207 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 35%CPEs: 1EXPL: 0CVE-2015-2479
https://notcve.org/view.php?id=CVE-2015-2479
15 Aug 2015 — The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2480 and CVE-2015-2481. Vulnerabilidad en el compilador RyuJIT en Microsoft .NET Framework 4.6, produce código incorrecto durante un intento de optimización, lo que permite a atacantes remotos ejecutar código ... • http://www.securitytracker.com/id/1033253 • CWE-264: Permissions, Privileges, and Access Controls •