Vulnerabilities (CVE)

Filtered by CWE-20
Total 11617 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6244 2 Oracle, Wireshark 3 Linux, Solaris, Wireshark 2026-06-17 4.3 MEDIUM N/A
The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2015-6243 2 Oracle, Wireshark 3 Linux, Solaris, Wireshark 2026-06-17 4.3 MEDIUM N/A
The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.
CVE-2015-6242 2 Oracle, Wireshark 2 Solaris, Wireshark 2026-06-17 4.3 MEDIUM N/A
The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet.
CVE-2015-6241 2 Oracle, Wireshark 2 Solaris, Wireshark 2026-06-17 4.3 MEDIUM N/A
The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2015-6172 1 Microsoft 3 Office, Office Compatibility Pack, Word 2026-06-17 9.3 HIGH N/A
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability."
CVE-2015-6169 1 Microsoft 1 Edge 2026-06-17 4.3 MEDIUM N/A
Microsoft Edge misparses HTTP responses, which allows remote attackers to redirect users to arbitrary web sites via unspecified vectors, aka "Microsoft Edge Spoofing Vulnerability."
CVE-2015-6164 1 Microsoft 1 Internet Explorer 2026-06-17 6.8 MEDIUM N/A
Microsoft Internet Explorer 9 through 11 improperly implements a cross-site scripting (XSS) protection mechanism, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, aka "Internet Explorer XSS Filter Bypass Vulnerability."
CVE-2015-6131 1 Microsoft 4 Windows 7, Windows 8, Windows 8.1 and 1 more 2026-06-17 9.3 HIGH N/A
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted .mcl file, aka "Media Center Library Parsing RCE Vulnerability."
CVE-2015-6128 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2026-06-17 7.2 HIGH N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
CVE-2015-6112 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2026-06-17 5.8 MEDIUM N/A
SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "Schannel TLS Triple Handshake Vulnerability."
CVE-2015-6104 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2026-06-17 9.3 HIGH N/A
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6103.
CVE-2015-6103 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2026-06-17 9.3 HIGH N/A
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6104.
CVE-2015-5986 2 Apple, Isc 2 Mac Os X Server, Bind 2026-06-17 7.1 HIGH N/A
openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.
CVE-2015-5965 1 Fortinet 1 Fortios 2026-06-17 5.0 MEDIUM N/A
The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field.
CVE-2015-5945 1 Apple 1 Mac Os X 2026-06-17 7.2 HIGH N/A
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters.
CVE-2015-5883 1 Apple 1 Mac Os X 2026-06-17 5.0 MEDIUM N/A
The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence.
CVE-2015-5879 1 Apple 2 Iphone Os, Mac Os X 2026-06-17 5.0 MEDIUM N/A
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header.
CVE-2015-5869 1 Apple 3 Iphone Os, Mac Os X, Watchos 2026-06-17 3.3 LOW N/A
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
CVE-2015-5837 1 Apple 2 Iphone Os, Watchos 2026-06-17 4.3 MEDIUM N/A
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app.
CVE-2015-5828 2 Apple, Opensuse 2 Safari, Leap 2026-06-17 4.3 MEDIUM N/A
The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.