Search Results (26432 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6826 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2025-04-12 N/A
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.
CVE-2015-7420 1 Ibm 1 Mq Appliance M2000 2025-04-12 N/A
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.
CVE-2015-2044 1 Xen 1 Xen 2025-04-12 N/A
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.
CVE-2015-7231 1 Drupalcommerce 1 Commerce Commonwealth 2025-04-12 N/A
The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."
CVE-2015-2434 1 Microsoft 1 Xml Core Services 2025-04-12 N/A
Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471.
CVE-2015-2053 1 Mcafee 1 Mcafee Agent 2025-04-12 N/A
The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability.
CVE-2015-5780 1 Apple 1 Safari 2025-04-12 N/A
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.
CVE-2015-5782 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2015-5788 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
CVE-2015-0702 1 Cisco 1 Unified Meetingplace 2025-04-12 N/A
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.
CVE-2015-2762 1 Websense 1 Triton Ap Web 2025-04-12 N/A
Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication.
CVE-2015-5859 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVE-2015-7374 1 Indusoft 1 Web Studio 2025-04-12 N/A
The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649.
CVE-2015-5863 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.
CVE-2015-2817 1 Sap 1 Netweaver 2025-04-12 N/A
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.
CVE-2015-5869 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
CVE-2015-5870 1 Apple 1 Mac Os X 2025-04-12 N/A
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.
CVE-2015-2822 1 Siemens 1 Wincc 2025-04-12 N/A
Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.
CVE-2015-2951 1 F21 1 Jwt 2025-04-12 N/A
JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens.
CVE-2015-3004 1 Juniper 1 Junos 2025-04-12 N/A
J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, and 14.2 before 14.2R1 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.