Vulnerabilities (CVE)

Filtered by CWE-20
Total 11617 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7216 4 Fedoraproject, Gnome, Mozilla and 1 more 5 Fedora, Gnome, Firefox and 2 more 2026-06-17 6.8 MEDIUM N/A
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.
CVE-2015-7211 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2026-06-17 5.0 MEDIUM N/A
Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.
CVE-2015-7094 1 Apple 2 Iphone Os, Mac Os X 2026-06-17 2.6 LOW N/A
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
CVE-2015-7093 1 Apple 1 Safari 2026-06-17 4.3 MEDIUM N/A
Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site.
CVE-2015-7079 1 Apple 2 Iphone Os, Tvos 2026-06-17 9.3 HIGH N/A
dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-7072 1 Apple 3 Iphone Os, Tvos, Watchos 2026-06-17 9.3 HIGH N/A
dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-7047 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2026-06-17 7.2 HIGH N/A
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
CVE-2015-7036 1 Apple 2 Iphone Os, Mac Os X 2026-06-17 7.5 HIGH N/A
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.
CVE-2015-7004 1 Apple 1 Iphone Os 2026-06-17 7.1 HIGH N/A
The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app.
CVE-2015-6987 1 Apple 1 Mac Os X 2026-06-17 2.1 LOW N/A
The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder.
CVE-2015-6934 1 Vmware 2 Vcenter Orchestrator, Vrealize Orchestrator 2026-06-17 7.5 HIGH 7.3 HIGH
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
CVE-2015-6908 2 Apple, Openldap 2 Mac Os X, Openldap 2026-06-17 5.0 MEDIUM N/A
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
CVE-2015-6864 1 Hp 1 Arcsight Logger 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
CVE-2015-6863 1 Hp 1 Arcsight Logger 2026-06-17 7.5 HIGH 7.3 HIGH
HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
CVE-2015-6849 1 Emc 1 Networker 2026-06-17 7.8 HIGH N/A
EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages.
CVE-2015-6839 1 Grupo Msa 1 Vot.ar 2026-06-17 2.1 LOW 4.6 MEDIUM
The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag.
CVE-2015-6828 1 Securemoz 1 Security Audit 2026-06-17 6.8 MEDIUM N/A
The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. NOTE: some of these details are obtained from third party information.
CVE-2015-6826 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2026-06-17 7.5 HIGH N/A
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.
CVE-2015-6825 1 Ffmpeg 1 Ffmpeg 2026-06-17 7.5 HIGH N/A
The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.
CVE-2015-6824 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2026-06-17 7.5 HIGH N/A
The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.