Vulnerabilities (CVE)

Filtered by CWE-20
Total 11630 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8538 1 Libdwarf Project 1 Libdwarf 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
CVE-2015-8489 1 Cybozu 1 Office 2026-06-17 6.8 MEDIUM 6.5 MEDIUM
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.
CVE-2015-8476 2 Debian, Phpmailer Project 2 Debian Linux, Phpmailer 2026-06-17 5.0 MEDIUM N/A
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.
CVE-2015-8466 2 Fedoraproject, Openstack 2 Fedora, Swift3 2026-06-17 5.8 MEDIUM 7.4 HIGH
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.
CVE-2015-8373 1 Isc 1 Kea 2026-06-17 7.1 HIGH 6.8 MEDIUM
The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet.
CVE-2015-8360 1 Atlassian 1 Bamboo 2026-06-17 7.5 HIGH 9.8 CRITICAL
An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port.
CVE-2015-8331 1 Huawei 1 Vcn500 2026-06-17 5.8 MEDIUM 7.4 HIGH
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID.
CVE-2015-8305 1 Huawei 2 P7, P7 Firmware 2026-06-17 7.1 HIGH 5.5 MEDIUM
Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege.
CVE-2015-8265 1 Huawei 4 E5151, E5151 Firmware, E5186 and 1 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors.
CVE-2015-8229 1 Huawei 3 Espace Firmware, Espace Unified Gateway U2980, Espace Unified Gateway U2990 2026-06-17 4.0 MEDIUM N/A
Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered device.
CVE-2015-8227 1 Huawei 2 Vp9660, Vp 9660 Firmware 2026-06-17 8.5 HIGH N/A
The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted message.
CVE-2015-8226 1 Huawei 2 Ale Firmware, Gem-703l Firmware 2026-06-17 7.1 HIGH 5.5 MEDIUM
The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225.
CVE-2015-8225 1 Huawei 2 Ale Firmware, Gem-703l Firmware 2026-06-17 7.1 HIGH 5.5 MEDIUM
The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8226.
CVE-2015-8219 1 Ffmpeg 1 Ffmpeg 2026-06-17 7.5 HIGH N/A
The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.
CVE-2015-8218 1 Ffmpeg 1 Ffmpeg 2026-06-17 6.8 MEDIUM N/A
The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.
CVE-2015-8217 1 Ffmpeg 1 Ffmpeg 2026-06-17 7.5 HIGH N/A
The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.
CVE-2015-8215 1 Linux 1 Linux Kernel 2026-06-17 5.0 MEDIUM N/A
net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.
CVE-2015-8212 1 Netbsd 1 Netbsd 2026-06-17 7.5 HIGH 9.8 CRITICAL
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
CVE-2015-8138 1 Ntp 1 Ntp 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
CVE-2015-8099 1 F5 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 18 more 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.