Zero-Day Vulnerabilities
| Year | Vulnerability | Severity | Affected | Impact | Status |
|---|---|---|---|---|---|
| 2015 |
CVE-2015-5119
Discovered after the Hacking Team breach, exploited in the wild.
|
Critical 10.0 |
Flash Player <18.0.0.203
|
|
Patched |
| 2015 |
CVE-2015-3824
Allowed remote code execution via malicious MMS.
|
Critical 10.0 |
Android <5.1.1
|
|
Patched |
| 2014 |
CVE-2014-0160
Allowed attackers to read memory from servers using vulnerable OpenSSL.
|
Critical 9.4 |
OpenSSL 1.0.1–1.0.1f
|
|
Patched |
| 2014 |
CVE-2014-4114
Used in targeted attacks against NATO and EU organizations.
|
High 8.3 |
Windows Vista–8.1
|
|
Patched |
| 2013 |
CVE-2013-1347
Exploited in watering hole attacks.
|
Critical 9.3 |
IE 8
|
|
Patched |
| 2013 |
CVE-2013-0422
Exploited in exploit kits for drive-by downloads.
|
Critical 10.0 |
Java 7
|
|
Patched |
| 2012 |
CVE-2012-1889
Exploited in targeted attacks via drive-by downloads.
|
Critical 9.3 |
IE 6–9
|
|
Patched |
| 2011 |
CVE-2011-3402
Exploited by Duqu malware via malicious Word documents.
|
Critical 9.3 |
Windows XP–7
|
|
Patched |
| 2010 |
CVE-2010-2568
Used in the Stuxnet worm to spread via malicious shortcut files.
|
Critical 9.3 |
Windows XP/Vista/7
|
|
Patched |
| 2010 |
CVE-2010-2729
Exploited by Stuxnet for spreading across networks.
|
High 8.3 |
Windows XP/Server 2003/7
|
|
Patched |
|
Last updated: September 2015 | Sources: NVD, CVE Details, Security Vendor Reports
Critical (9.0-10.0)
High (7.0-8.9)
Legacy
|
|||||