Vulnerabilities (CVE)

Filtered by CWE-119
Total 13645 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8030 1 Sap 1 3d Visual Enterprise Viewer 2026-06-17 6.8 MEDIUM N/A
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities.
CVE-2015-8029 1 Sap 1 3d Visual Enterprise Viewer 2026-06-17 6.8 MEDIUM N/A
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption.
CVE-2015-8028 1 Sap 1 3d Visual Enterprise Viewer 2026-06-17 6.8 MEDIUM N/A
Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file.
CVE-2015-8026 1 Exfat Project 1 Exfat 2026-06-17 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem.
CVE-2015-7992 1 Sap 1 Hana 2026-06-17 4.0 MEDIUM N/A
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928.
CVE-2015-7987 1 Apple 6 Airport Base Station, Airport Base Station Firmware, Iphone Os and 3 more 2026-06-17 6.8 MEDIUM 9.8 CRITICAL
Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.
CVE-2015-7986 1 Sap 1 Hana 2026-06-17 7.5 HIGH N/A
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.
CVE-2015-7975 1 Ntp 1 Ntp 2026-06-17 2.1 LOW 6.2 MEDIUM
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).
CVE-2015-7942 5 Apple, Canonical, Debian and 2 more 9 Iphone Os, Mac Os X, Tvos and 6 more 2026-06-17 6.8 MEDIUM N/A
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
CVE-2015-7941 2 Canonical, Xmlsoft 2 Ubuntu Linux, Libxml2 2026-06-17 4.3 MEDIUM N/A
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.
CVE-2015-7939 1 Unitronics 1 Visilogic Oplc Ide 2026-06-17 9.3 HIGH 9.6 CRITICAL
Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.
CVE-2015-7937 1 Schneider-electric 13 Bmxnoc0401, Bmxnoe0100, Bmxnoe0100h and 10 more 2026-06-17 10.0 HIGH N/A
Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.
CVE-2015-7918 1 Schneider-electric 1 Proclima 2026-06-17 6.8 MEDIUM N/A
Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561.
CVE-2015-7909 1 Hospira 2 Communication Engine, Lifecare Pca Infusion System 2026-06-17 7.5 HIGH 7.3 HIGH
Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000.
CVE-2015-7897 1 Samsung 1 Galaxy S6 2026-06-17 7.5 HIGH N/A
The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file.
CVE-2015-7896 1 Samsung 2 Galaxy S6, Samsung Mobile 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
CVE-2015-7894 1 Samsung 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware 2026-06-17 6.8 MEDIUM 8.8 HIGH
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
CVE-2015-7860 1 Accelerite 1 Radia Client Automation 2026-06-17 10.0 HIGH N/A
Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling.
CVE-2015-7829 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2026-06-17 1.9 LOW N/A
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows mishandle junctions in the Synchronizer directory, which allows attackers to delete arbitrary files via Adobe Collaboration Sync, a related issue to CVE-2015-2428.
CVE-2015-7814 1 Xen 1 Xen 2026-06-17 4.7 MEDIUM N/A
Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain.