Filtered by CWE-19
Filtered by vendor Subscriptions
Total 232 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-4025 3 Apple, Php, Redhat 10 Mac Os X, Php, Enterprise Linux and 7 more 2024-11-21 N/A
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
CVE-2015-3991 1 Strongswan 1 Strongswan 2024-11-21 N/A
strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.
CVE-2015-3990 1 Sonicwall 4 Analyzer, Global Management System, Uma Em5000 and 1 more 2024-11-21 N/A
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.
CVE-2015-3958 1 Hospira 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware 2024-11-21 N/A
Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets.
CVE-2015-3763 1 Apple 1 Iphone Os 2024-11-21 N/A
Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site.
CVE-2015-3294 2 Oracle, Thekelleys 2 Solaris, Dnsmasq 2024-11-21 N/A
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.
CVE-2015-3225 4 Debian, Opensuse, Rack Project and 1 more 6 Debian Linux, Opensuse, Rack and 3 more 2024-11-21 N/A
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
CVE-2015-2432 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2024-11-21 N/A
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
CVE-2015-2373 1 Microsoft 3 Windows 7, Windows 8, Windows Server 2012 2024-11-21 N/A
The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."
CVE-2015-2328 3 Oracle, Pcre, Redhat 4 Linux, Pcre, Enterprise Linux and 1 more 2024-11-21 N/A
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-2285 1 Ubuntu 2 Upstart, Vivid 2024-11-21 N/A
The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.
CVE-2015-2255 1 Huawei 2 Ar1220, Ar1220 Firmware 2024-11-21 N/A
Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port.
CVE-2015-2239 1 Google 1 Chrome 2024-11-21 N/A
Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in a search engine, a different vulnerability than CVE-2015-1231.
CVE-2015-2190 3 Opensuse, Oracle, Wireshark 3 Opensuse, Solaris, Wireshark 2024-11-21 N/A
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.
CVE-2015-2188 6 Debian, Mageia, Opensuse and 3 more 7 Debian Linux, Mageia, Opensuse and 4 more 2024-11-21 N/A
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.
CVE-2015-1839 2 Fedoraproject, Saltstack 2 Fedora, Salt 2024-11-21 N/A
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2015-1838 2 Fedoraproject, Saltstack 2 Fedora, Salt 2024-11-21 N/A
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2015-1827 3 Fedoraproject, Freeipa, Redhat 3 Fedora, Freeipa, Enterprise Linux 2024-11-21 N/A
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.
CVE-2015-1760 1 Microsoft 2 Office, Office Compatibility Pack 2024-11-21 N/A
Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2015-1759 1 Microsoft 1 Office Compatibility Pack 2024-11-21 N/A
Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."