Filtered by CWE-17
Total 166 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-7410 1 Ibm 1 Sterling B2b Integrator 2024-11-21 N/A
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
CVE-2015-7311 1 Xen 1 Xen 2024-11-21 N/A
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
CVE-2015-7204 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2024-11-21 N/A
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.
CVE-2015-7200 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2024-11-21 N/A
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
CVE-2015-7196 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2024-11-21 N/A
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.
CVE-2015-7192 2 Apple, Mozilla 2 Mac Os X, Firefox 2024-11-21 N/A
The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index.
CVE-2015-7045 1 Apple 2 Mac Os X, Tvos 2024-11-21 N/A
Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors.
CVE-2015-7035 1 Apple 1 Mac Os X 2024-11-21 N/A
Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors.
CVE-2015-7030 1 Apple 1 Xcode 2024-11-21 N/A
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.
CVE-2015-7023 1 Apple 2 Iphone Os, Mac Os X 2024-11-21 N/A
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
CVE-2015-6823 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.
CVE-2015-6822 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.
CVE-2015-6818 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2024-11-21 N/A
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.
CVE-2015-6760 2 Google, Redhat 2 Chrome, Rhel Extras 2024-11-21 N/A
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.
CVE-2015-6758 2 Google, Redhat 2 Chrome, Rhel Extras 2024-11-21 N/A
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
CVE-2015-6736 1 Quiz Project 1 Quiz 2024-11-21 N/A
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.
CVE-2015-6735 1 Timedmediahandler Project 1 Timedmediahandler 2024-11-21 N/A
The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode.
CVE-2015-6496 2 Debian, Netfilter 2 Debian Linux, Conntrack-tools 2024-11-21 N/A
conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.
CVE-2015-6254 2 Picketlink, Redhat 2 Picketlink, Jboss Enterprise Application Platform 2024-11-21 6.3 Medium
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 do not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.
CVE-2015-5915 1 Apple 1 Mac Os X 2024-11-21 N/A
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.