Search Results (433 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5176 1 Redhat 2 Jboss Enterprise Portal Platform, Jboss Portal 2025-04-12 N/A
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
CVE-2015-5229 1 Redhat 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more 2025-04-12 N/A
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
CVE-2015-5894 1 Apple 1 Mac Os X 2025-04-12 N/A
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
CVE-2015-5912 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
CVE-2015-5914 1 Apple 1 Mac Os X 2025-04-12 N/A
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498.
CVE-2015-5915 1 Apple 1 Mac Os X 2025-04-12 N/A
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
CVE-2015-6735 1 Timedmediahandler Project 1 Timedmediahandler 2025-04-12 N/A
The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode.
CVE-2015-6736 1 Quiz Project 1 Quiz 2025-04-12 N/A
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.
CVE-2015-6758 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
CVE-2015-6760 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.
CVE-2015-6818 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2025-04-12 N/A
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.
CVE-2015-6822 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.
CVE-2015-6823 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.
CVE-2015-7793 1 Corega 1 Cg-wlbaragm Firmware 2025-04-12 N/A
Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.
CVE-2015-8547 2 Opensuse, Quassel-irc 3 Leap, Opensuse, Quassel 2025-04-12 N/A
The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.
CVE-2016-1940 2 Google, Mozilla 2 Android, Firefox 2025-04-12 N/A
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
CVE-2016-1943 3 Google, Mozilla, Opensuse 4 Android, Firefox, Leap and 1 more 2025-04-12 N/A
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
CVE-2015-3292 1 Netapp 1 Oncommand Workflow Automation 2025-04-12 N/A
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-3646 1 Cybozu 1 Cybozu Live 2025-04-11 N/A
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression.
CVE-2012-6152 2 Pidgin, Redhat 2 Pidgin, Enterprise Linux 2025-04-11 N/A
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.