Total
166 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-7200 | 2 Mozilla, Redhat | 3 Firefox, Firefox Esr, Enterprise Linux | 2024-08-06 | N/A |
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. | ||||
CVE-2015-7030 | 1 Apple | 1 Xcode | 2024-08-06 | N/A |
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. | ||||
CVE-2015-7035 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors. | ||||
CVE-2015-7045 | 1 Apple | 2 Mac Os X, Tvos | 2024-08-06 | N/A |
Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors. | ||||
CVE-2015-7023 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-08-06 | N/A |
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. | ||||
CVE-2015-6823 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. | ||||
CVE-2015-6736 | 1 Quiz Project | 1 Quiz | 2024-08-06 | N/A |
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. | ||||
CVE-2015-6818 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2024-08-06 | N/A |
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. | ||||
CVE-2015-6735 | 1 Timedmediahandler Project | 1 Timedmediahandler | 2024-08-06 | N/A |
The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode. | ||||
CVE-2015-6822 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. | ||||
CVE-2015-6760 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. | ||||
CVE-2015-6758 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | ||||
CVE-2015-6496 | 2 Debian, Netfilter | 2 Debian Linux, Conntrack-tools | 2024-08-06 | N/A |
conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet. | ||||
CVE-2015-6254 | 2 Picketlink, Redhat | 2 Picketlink, Jboss Enterprise Application Platform | 2024-08-06 | 6.3 Medium |
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types. | ||||
CVE-2015-5912 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-08-06 | N/A |
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. | ||||
CVE-2015-5887 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data. | ||||
CVE-2015-5894 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | ||||
CVE-2015-5915 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. | ||||
CVE-2015-5914 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. | ||||
CVE-2015-5748 | 1 Apple | 3 Iphone Os, Mac Os X, Safari | 2024-08-06 | N/A |
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. |