Search Results (433 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2737 6 Canonical, Debian, Mozilla and 3 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2025-04-12 N/A
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
CVE-2015-2738 6 Canonical, Debian, Mozilla and 3 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2025-04-12 N/A
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
CVE-2015-2743 4 Mozilla, Novell, Oracle and 1 more 7 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 4 more 2025-04-12 N/A
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.
CVE-2015-2751 2 Fedoraproject, Xen 2 Fedora, Xen 2025-04-12 N/A
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.
CVE-2015-2987 1 Type74 1 Ed 2025-04-12 N/A
Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.
CVE-2015-3002 1 Juniper 13 Junos, Srx100, Srx110 and 10 more 2025-04-12 N/A
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device.
CVE-2015-4037 1 Qemu 1 Qemu 2025-04-12 N/A
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
CVE-2015-4335 3 Debian, Redhat, Redislabs 3 Debian Linux, Openstack, Redis 2025-04-12 N/A
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
CVE-2015-4941 1 Ibm 1 Websphere Mq Light 2025-04-12 N/A
IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.
CVE-2015-4943 1 Ibm 1 Websphere Mq Light 2025-04-12 N/A
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942.
CVE-2015-4963 1 Ibm 1 Security Access Manager For Web 2025-04-12 N/A
IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
CVE-2015-5369 1 Juniper 4 Mag Pcs360, Pcs6000, Pcs6500 and 1 more 2025-04-12 N/A
Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.
CVE-2015-5505 1 Codfront Labs 1 Http Strict Transport Security 2025-04-12 N/A
The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors.
CVE-2015-5887 1 Apple 1 Mac Os X 2025-04-12 N/A
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
CVE-2015-5894 1 Apple 1 Mac Os X 2025-04-12 N/A
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
CVE-2015-5912 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
CVE-2015-5914 1 Apple 1 Mac Os X 2025-04-12 N/A
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498.
CVE-2015-5915 1 Apple 1 Mac Os X 2025-04-12 N/A
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
CVE-2015-6735 1 Timedmediahandler Project 1 Timedmediahandler 2025-04-12 N/A
The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode.
CVE-2015-6736 1 Quiz Project 1 Quiz 2025-04-12 N/A
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.