Search

Search Results (367208 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-7221 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2025-04-12 N/A
Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.
CVE-2015-7222 4 Fedoraproject, Mozilla, Opensuse and 1 more 5 Fedora, Firefox, Leap and 2 more 2025-04-12 N/A
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
CVE-2015-7223 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2025-04-12 N/A
The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.
CVE-2015-7226 1 Administration Views Project 1 Administration Views 2025-04-12 N/A
The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler.
CVE-2015-7227 1 Fieldable Panels Panes Project 1 Fieldable Panels Panes 2025-04-12 N/A
The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels.
CVE-2015-7228 1 Restful Project 1 Restful 2025-04-12 N/A
The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-7229 1 Twitter Project 1 Twitter 2025-04-12 N/A
The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter" permission or change the options for arbitrary attached accounts by leveraging the (2) "add twitter accounts" or (3) "add authenticated twitter accounts" permission.
CVE-2015-7230 1 Workbench Email Project 1 Workbench Email 2025-04-12 N/A
The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node.
CVE-2015-7231 1 Drupalcommerce 1 Commerce Commonwealth 2025-04-12 N/A
The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."
CVE-2015-7232 1 Structured Dynamics 1 Open Semantic Framework 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7233 1 Structured Dynamics 1 Open Semantic Framework 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors.
CVE-2015-7234 1 Structured Dynamics 1 Open Semantic Framework 2025-04-12 N/A
The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors.
CVE-2015-7235 1 Cp Reservation Calender Project 1 Cp Reservation Calender 2025-04-12 N/A
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI.
CVE-2015-7236 5 Canonical, Debian, Oracle and 2 more 5 Ubuntu Linux, Debian Linux, Solaris and 2 more 2025-04-12 N/A
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
CVE-2015-7238 1 Mcafee 1 Threat Intelligence Exchange 2025-04-12 N/A
The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files.
CVE-2015-7239 1 Sap 1 Netweaver J2ee Engine 2025-04-12 N/A
SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-7242 1 Avm 1 Fritz\! Os 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of an SIP INVITE message.
CVE-2015-7243 1 Boxoft 1 Boxoft Wav To Mp3 Converter 2025-04-12 N/A
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.
CVE-2015-7244 1 Mobatek 1 Mobaxterm 2025-04-12 N/A
The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.
CVE-2015-7248 1 Zte 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware 2025-04-12 N/A
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.