Vulnerabilities (CVE)

Filtered by CWE-20
Total 11614 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5765 1 Apple 2 Iphone Os, Safari 2026-06-17 4.3 MEDIUM N/A
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
CVE-2015-5764 1 Apple 2 Iphone Os, Safari 2026-06-17 4.3 MEDIUM N/A
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.
CVE-2015-5726 2 Botan Project, Debian 2 Botan, Debian Linux 2026-06-17 5.0 MEDIUM 7.5 HIGH
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.
CVE-2015-5722 2 Apple, Isc 2 Mac Os X Server, Bind 2026-06-17 7.8 HIGH N/A
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
CVE-2015-5696 1 Dell 1 Netvault Backup 2026-06-17 5.0 MEDIUM N/A
Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request.
CVE-2015-5685 1 Bittorrent 1 Bootstrap-dht 2026-06-17 7.5 HIGH N/A
The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."
CVE-2015-5674 1 Freebsd 1 Freebsd 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected.
CVE-2015-5606 1 Axway 1 Vordel Xml Gateway 2026-06-17 5.0 MEDIUM 7.5 HIGH
Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request.
CVE-2015-5589 1 Php 1 Php 2026-06-17 10.0 HIGH 9.8 CRITICAL
The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.
CVE-2015-5568 5 Adobe, Apple, Google and 2 more 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more 2026-06-17 10.0 HIGH N/A
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2015-5457 1 Pivotx 1 Pivotx 2026-06-17 7.5 HIGH N/A
PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php.
CVE-2015-5401 1 Teradata 2 Teradata Express, Teradata Gateway 2026-06-17 5.0 MEDIUM 7.5 HIGH
Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message.
CVE-2015-5386 1 Siemens 2 Sicam Mic, Sicam Mic Firmware 2026-06-17 9.3 HIGH N/A
Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests.
CVE-2015-5369 1 Juniper 4 Mag Pcs360, Pcs6000, Pcs6500 and 1 more 2026-06-17 4.3 MEDIUM N/A
Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.
CVE-2015-5311 1 Powerdns 1 Authoritative 2026-06-17 5.0 MEDIUM N/A
PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets.
CVE-2015-5296 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Samba 2026-06-17 4.3 MEDIUM 5.4 MEDIUM
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
CVE-2015-5255 2 Adobe, Hp 4 Coldfusion, Livecycle Data Services, Xp7 Command View Advanced Edition and 1 more 2026-06-17 4.3 MEDIUM N/A
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.
CVE-2015-5254 3 Apache, Fedoraproject, Redhat 3 Activemq, Fedora, Openshift 2026-06-17 7.5 HIGH 9.8 CRITICAL
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
CVE-2015-5250 1 Redhat 1 Openshift Origin 2026-06-17 4.0 MEDIUM N/A
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.
CVE-2015-5248 1 Redhat 1 Feedhenry Enterprise Mobile Application Platform 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform.