CVE-2015-0037
published 2015-02-11CVE-2015-0037: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka…
PriorityP352critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
26.71%
97.8th percentile
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0040, and CVE-2015-0066.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f77x-8486-m8vx: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-0066 [CRITICAL] GHSA-f77x-8486-m8vx: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0040.
GHSA
GHSA-c5wh-gw3c-mrf3: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-0040 [CRITICAL] GHSA-c5wh-gw3c-mrf3: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0066.
GHSA
GHSA-q2vh-mj5j-gf95: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-0037 [CRITICAL] GHSA-q2vh-mj5j-gf95: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0040, and CVE-2015-0066.
GHSA
GHSA-hpw3-wqfm-fjh6: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-0018 [CRITICAL] GHSA-hpw3-wqfm-fjh6: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0037, CVE-2015-0040, and CVE-2015-0066.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-1515 libebml: Multiple ElementList Double Free Vulnerabilities
bugzilla·2017-01-12·CVSS 9.6
CVE-2016-1515 [CRITICAL] CVE-2016-1515 libebml: Multiple ElementList Double Free Vulnerabilities
CVE-2016-1515 libebml: Multiple ElementList Double Free Vulnerabilities
A vulnerability was found in libebml. A use after free/double free vulnerability can occur in libebml while parsing Track elements of the MKV container which would crash the application.
References:
http://www.talosintelligence.com/reports/TALOS-2016-0037/
Discussion:
Created libebml tracking bugs for this issue:
Affects: epel-all [bug 1412634]
Affects: fedora-all [bug 1412633]
---
Upon closer investigation, I believe it is a duplicate of CVE-2015-8789 (bug 1276332) and will close it as such upon confirmation from upstream.
---
*** This bug has been marked as a duplicate of bug 1276332 ***
Bugzilla
CVE-2015-5331 CVE-2015-5332 CVE-2015-5335 CVE-2015-5336 CVE-2015-5337 CVE-2015-5338 CVE-2015-5339 CVE-2015-5340 CVE-2015-5341 CVE-2015-5342 moodle: Multiple security issues fixed in 2.7.11, 2.8.9, 2.9
bugzilla·2015-12-03·CVSS 4.3
CVE-2015-5331 [MEDIUM] CVE-2015-5331 CVE-2015-5332 CVE-2015-5335 CVE-2015-5336 CVE-2015-5337 CVE-2015-5338 CVE-2015-5339 CVE-2015-5340 CVE-2015-5341 CVE-2015-5342 moodle: Multiple security issues fixed in 2.7.11, 2.8.9, 2.9
CVE-2015-5331 CVE-2015-5332 CVE-2015-5335 CVE-2015-5336 CVE-2015-5337 CVE-2015-5338 CVE-2015-5339 CVE-2015-5340 CVE-2015-5341 CVE-2015-5342 moodle: Multiple security issues fixed in 2.7.11, 2.8.9, 2.9.3
Multiple security issues were fixed in versions 2.7.11, 2.8.9 and 2.9.3 of moodle.
(MSA-15-0037) CVE-2015-5331 Possible to send a message to a user who blocked messages from non contacts:
Insufficient settings check when messaging another user opens spam possibility. Users who are not in contact list still can send messages though it is blocked in preferences.
Versions affected: 2.9 to 2.9.2
Versions fixed: 2.9.3
Reported by: Pavel Sokolov
Upstream patch: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50426
(MSA-15-0038) CVE-2015-5332 DDoS possibility in Atto:
If
http://www.securityfocus.com/bid/72448http://www.securitytracker.com/id/1031723https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009http://www.securityfocus.com/bid/72448http://www.securitytracker.com/id/1031723https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009
2015-02-11
Published