Vulnerabilities (CVE)

Filtered by CWE-20
Total 11665 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8923 3 Canonical, Libarchive, Novell 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
CVE-2015-8899 2 Canonical, Thekelleys 2 Ubuntu Linux, Dnsmasq 2026-06-17 5.0 MEDIUM 7.5 HIGH
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
CVE-2015-8879 1 Php 1 Php 2026-06-17 5.0 MEDIUM 7.5 HIGH
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.
CVE-2015-8873 2 Opensuse, Php 2 Leap, Php 2026-06-17 5.0 MEDIUM 7.5 HIGH
Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.
CVE-2015-8870 1 Libtiff 1 Libtiff 2026-06-17 5.8 MEDIUM 7.4 HIGH
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
CVE-2015-8853 2 Fedoraproject, Perl 2 Fedora, Perl 2026-06-17 5.0 MEDIUM 7.5 HIGH
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
CVE-2015-8844 1 Linux 1 Linux Kernel 2026-06-17 4.7 MEDIUM 5.5 MEDIUM
The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
CVE-2015-8760 1 Typo3 1 Typo3 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."
CVE-2015-8747 1 Radicale 1 Radicale 2026-06-17 7.5 HIGH 10.0 CRITICAL
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
CVE-2015-8744 2 Debian, Qemu 2 Debian Linux, Qemu 2026-06-17 2.1 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
CVE-2015-8742 1 Wireshark 1 Wireshark 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
CVE-2015-8741 1 Wireshark 1 Wireshark 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2015-8740 1 Wireshark 1 Wireshark 2026-06-17 4.3 MEDIUM 5.3 MEDIUM
The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
CVE-2015-8739 1 Wireshark 1 Wireshark 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
CVE-2015-8738 1 Wireshark 1 Wireshark 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
CVE-2015-8737 1 Wireshark 1 Wireshark 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
CVE-2015-8736 1 Wireshark 1 Wireshark 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.
CVE-2015-8735 1 Wireshark 1 Wireshark 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.
CVE-2015-8734 1 Wireshark 1 Wireshark 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2015-8733 1 Wireshark 1 Wireshark 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.