Total
165 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2526 | 1 Microsoft | 1 .net Framework | 2023-12-10 | 5.0 MEDIUM | N/A |
Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka "MVC Denial of Service Vulnerability." | |||||
CVE-2015-1259 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-10 | 7.5 HIGH | N/A |
PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2015-3811 | 2 Oracle, Wireshark | 3 Linux, Solaris, Wireshark | 2023-12-10 | 5.0 MEDIUM | N/A |
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. | |||||
CVE-2015-7204 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | |||||
CVE-2015-4620 | 1 Isc | 1 Bind | 2023-12-10 | 7.8 HIGH | N/A |
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone. | |||||
CVE-2015-7833 | 2 Novell, Redhat | 2 Suse Linux Enterprise Real Time Extension, Enterprise Linux | 2023-12-10 | 4.9 MEDIUM | N/A |
The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor. | |||||
CVE-2014-8155 | 1 Gnu | 1 Gnutls | 2023-12-10 | 4.3 MEDIUM | N/A |
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. | |||||
CVE-2015-2922 | 5 Debian, Fedoraproject, Linux and 2 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2023-12-10 | 3.3 LOW | N/A |
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | |||||
CVE-2015-1728 | 1 Microsoft | 1 Windows Media Player | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability." | |||||
CVE-2015-5914 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.7 MEDIUM | N/A |
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. | |||||
CVE-2015-6822 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 7.5 HIGH | N/A |
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. | |||||
CVE-2015-5176 | 1 Redhat | 1 Jboss Portal | 2023-12-10 | 5.8 MEDIUM | N/A |
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource. | |||||
CVE-2015-4335 | 2 Debian, Redislabs | 2 Debian Linux, Redis | 2023-12-10 | 10.0 HIGH | N/A |
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. | |||||
CVE-2015-6736 | 1 Quiz Project | 1 Quiz | 2023-12-10 | 5.0 MEDIUM | N/A |
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. | |||||
CVE-2015-2720 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.4 MEDIUM | N/A |
The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file. | |||||
CVE-2015-6760 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. | |||||
CVE-2016-2314 | 1 Huawei | 2 Mt882, Mt882 Firmware | 2023-12-10 | 6.3 MEDIUM | 4.9 MEDIUM |
GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands. | |||||
CVE-2015-0173 | 1 Ibm | 1 Websphere Mq Internet Pass Thru | 2023-12-10 | 4.3 MEDIUM | N/A |
The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value. | |||||
CVE-2015-1287 | 4 Debian, Google, Opensuse and 1 more | 7 Debian Linux, Chrome, Opensuse and 4 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp. | |||||
CVE-2015-5605 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2023-12-10 | 5.0 MEDIUM | N/A |
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message. |