Filtered by vendor
Subscriptions
Total
166 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-7410 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | N/A |
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. | ||||
CVE-2015-7311 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. | ||||
CVE-2015-7204 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | N/A |
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | ||||
CVE-2015-7200 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2024-11-21 | N/A |
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. | ||||
CVE-2015-7196 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2024-11-21 | N/A |
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. | ||||
CVE-2015-7192 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2024-11-21 | N/A |
The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. | ||||
CVE-2015-7045 | 1 Apple | 2 Mac Os X, Tvos | 2024-11-21 | N/A |
Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors. | ||||
CVE-2015-7035 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors. | ||||
CVE-2015-7030 | 1 Apple | 1 Xcode | 2024-11-21 | N/A |
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. | ||||
CVE-2015-7023 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | N/A |
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. | ||||
CVE-2015-6823 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A |
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. | ||||
CVE-2015-6822 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A |
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. | ||||
CVE-2015-6818 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2024-11-21 | N/A |
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. | ||||
CVE-2015-6760 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | N/A |
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. | ||||
CVE-2015-6758 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | N/A |
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | ||||
CVE-2015-6736 | 1 Quiz Project | 1 Quiz | 2024-11-21 | N/A |
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. | ||||
CVE-2015-6735 | 1 Timedmediahandler Project | 1 Timedmediahandler | 2024-11-21 | N/A |
The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode. | ||||
CVE-2015-6496 | 2 Debian, Netfilter | 2 Debian Linux, Conntrack-tools | 2024-11-21 | N/A |
conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet. | ||||
CVE-2015-6254 | 2 Picketlink, Redhat | 2 Picketlink, Jboss Enterprise Application Platform | 2024-11-21 | 6.3 Medium |
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types. | ||||
CVE-2015-5915 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. |