Search Results (433 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4943 1 Ibm 1 Websphere Mq Light 2025-04-12 N/A
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942.
CVE-2015-5176 1 Redhat 2 Jboss Enterprise Portal Platform, Jboss Portal 2025-04-12 N/A
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
CVE-2015-5369 1 Juniper 4 Mag Pcs360, Pcs6000, Pcs6500 and 1 more 2025-04-12 N/A
Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.
CVE-2015-5748 1 Apple 3 Iphone Os, Mac Os X, Safari 2025-04-12 N/A
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
CVE-2015-5894 1 Apple 1 Mac Os X 2025-04-12 N/A
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
CVE-2015-5915 1 Apple 1 Mac Os X 2025-04-12 N/A
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
CVE-2015-6496 2 Debian, Netfilter 2 Debian Linux, Conntrack-tools 2025-04-12 N/A
conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.
CVE-2015-6736 1 Quiz Project 1 Quiz 2025-04-12 N/A
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.
CVE-2015-6758 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
CVE-2015-6760 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.
CVE-2015-6823 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.
CVE-2015-7030 1 Apple 1 Xcode 2025-04-12 N/A
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.
CVE-2015-7023 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
CVE-2015-7035 1 Apple 1 Mac Os X 2025-04-12 N/A
Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors.
CVE-2015-7045 1 Apple 2 Mac Os X, Tvos 2025-04-12 N/A
Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors.
CVE-2015-7200 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
CVE-2015-7311 1 Xen 1 Xen 2025-04-12 N/A
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
CVE-2016-1940 2 Google, Mozilla 2 Android, Firefox 2025-04-12 N/A
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
CVE-2016-1943 3 Google, Mozilla, Opensuse 4 Android, Firefox, Leap and 1 more 2025-04-12 N/A
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
CVE-2016-2314 1 Huawei 2 Mt882, Mt882 Firmware 2025-04-12 N/A
GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands.