Total: 165 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7311 | 1 Xen | 1 Xen | 2024-11-21 | 3.6 LOW | N/A |
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. | |||||
CVE-2015-7204 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | |||||
CVE-2015-7200 | 1 Mozilla | 1 Firefox | 2024-11-21 | 7.5 HIGH | N/A |
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. | |||||
CVE-2015-7196 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. | |||||
CVE-2015-7192 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2024-11-21 | 7.5 HIGH | N/A |
The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. | |||||
CVE-2015-7045 | 1 Apple | 2 Mac Os X, Tvos | 2024-11-21 | 5.0 MEDIUM | N/A |
Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors. | |||||
CVE-2015-7035 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.5 HIGH | N/A |
Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors. | |||||
CVE-2015-7030 | 1 Apple | 1 Xcode | 2024-11-21 | 7.5 HIGH | N/A |
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. | |||||
CVE-2015-7023 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | 5.8 MEDIUM | N/A |
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. | |||||
CVE-2015-6823 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 7.5 HIGH | N/A |
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. | |||||
CVE-2015-6822 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 7.5 HIGH | N/A |
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. | |||||
CVE-2015-6818 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2024-11-21 | 7.5 HIGH | N/A |
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. | |||||
CVE-2015-6760 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | N/A |
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. | |||||
CVE-2015-6758 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | N/A |
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | |||||
CVE-2015-6736 | 1 Quiz Project | 1 Quiz | 2024-11-21 | 5.0 MEDIUM | N/A |
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. | |||||
CVE-2015-6735 | 1 Timedmediahandler Project | 1 Timedmediahandler | 2024-11-21 | 5.0 MEDIUM | N/A |
The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode. | |||||
CVE-2015-6496 | 2 Debian, Netfilter | 2 Debian Linux, Conntrack-tools | 2024-11-21 | 5.0 MEDIUM | N/A |
conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet. | |||||
CVE-2015-6254 | 1 Picketlink | 1 Picketlink | 2024-11-21 | 6.0 MEDIUM | N/A |
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 do not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types. | |||||
CVE-2015-5915 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.0 MEDIUM | N/A |
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. | |||||
CVE-2015-5914 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.7 MEDIUM | N/A |
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. |