Vulnerabilities (CVE)

Filtered by CWE-17
Total 165 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5912 1 Apple 2 Iphone Os, Mac Os X 2024-11-21 5.0 MEDIUM N/A
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
CVE-2015-5894 1 Apple 1 Mac Os X 2024-11-21 4.3 MEDIUM N/A
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
CVE-2015-5887 1 Apple 1 Mac Os X 2024-11-21 10.0 HIGH N/A
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
CVE-2015-5748 1 Apple 3 Iphone Os, Mac Os X, Safari 2024-11-21 2.1 LOW N/A
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
CVE-2015-5605 2 Google, Opensuse 2 Chrome, Opensuse 2024-11-21 5.0 MEDIUM N/A
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message.
CVE-2015-5505 1 Codfront Labs 1 Http Strict Transport Security 2024-11-21 6.8 MEDIUM N/A
The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors.
CVE-2015-5369 1 Juniper 4 Mag Pcs360, Pcs6000, Pcs6500 and 1 more 2024-11-21 4.3 MEDIUM N/A
Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.
CVE-2015-5229 1 Redhat 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
CVE-2015-5176 1 Redhat 1 Jboss Portal 2024-11-21 5.8 MEDIUM N/A
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
CVE-2015-4963 1 Ibm 1 Security Access Manager For Web 2024-11-21 7.5 HIGH N/A
IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
CVE-2015-4943 1 Ibm 1 Websphere Mq Light 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942.
CVE-2015-4941 1 Ibm 1 Websphere Mq Light 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.
CVE-2015-4700 1 Linux 1 Linux Kernel 2024-11-21 4.9 MEDIUM N/A
The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.
CVE-2015-4637 1 F5 4 Big-iq Adc, Big-iq Cloud, Big-iq Device and 1 more 2024-11-21 4.3 MEDIUM N/A
The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.
CVE-2015-4620 1 Isc 1 Bind 2024-11-21 7.8 HIGH N/A
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
CVE-2015-4335 2 Debian, Redislabs 2 Debian Linux, Redis 2024-11-21 10.0 HIGH N/A
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
CVE-2015-4037 1 Qemu 1 Qemu 2024-11-21 1.9 LOW N/A
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
CVE-2015-3811 2 Oracle, Wireshark 3 Linux, Solaris, Wireshark 2024-11-21 5.0 MEDIUM N/A
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.
CVE-2015-3334 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2024-11-21 4.3 MEDIUM N/A
browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited.
CVE-2015-3292 1 Netapp 1 Oncommand Workflow Automation 2024-11-21 10.0 HIGH N/A
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.