Vulnerabilities (CVE)

Filtered by CWE-20
Total 11617 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5254 3 Apache, Fedoraproject, Redhat 3 Activemq, Fedora, Openshift 2026-06-17 7.5 HIGH 9.8 CRITICAL
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
CVE-2015-5250 1 Redhat 1 Openshift Origin 2026-06-17 4.0 MEDIUM N/A
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.
CVE-2015-5248 1 Redhat 1 Feedhenry Enterprise Mobile Application Platform 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform.
CVE-2015-5235 3 Fedoraproject, Opensuse, Redhat 7 Fedora, Opensuse, Enterprise Linux Desktop and 4 more 2026-06-17 4.3 MEDIUM N/A
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
CVE-2015-5234 3 Fedoraproject, Opensuse, Redhat 7 Fedora, Opensuse, Enterprise Linux Desktop and 4 more 2026-06-17 6.8 MEDIUM N/A
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
CVE-2015-5230 2 Debian, Powerdns 2 Debian Linux, Authoritative 2026-06-17 5.0 MEDIUM 7.5 HIGH
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.
CVE-2015-5209 1 Apache 1 Struts 2026-06-17 5.0 MEDIUM 7.5 HIGH
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
CVE-2015-5208 1 Apache 1 Cordova 2026-06-17 4.3 MEDIUM 4.4 MEDIUM
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.
CVE-2015-5195 5 Canonical, Debian, Fedoraproject and 2 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
CVE-2015-5194 6 Canonical, Debian, Fedoraproject and 3 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
CVE-2015-5186 1 Linux Audit Project 1 Linux Audit 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.
CVE-2015-5179 1 Freeipa 1 Freeipa 2026-06-17 5.0 MEDIUM 7.5 HIGH
FreeIPA might display user data improperly via vectors involving non-printable characters.
CVE-2015-5175 1 Apache 1 Cxf Fediz 2026-06-17 5.0 MEDIUM 7.5 HIGH
Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service.
CVE-2015-5159 1 Kdcproxy Project 1 Kdcproxy 2026-06-17 5.0 MEDIUM 7.5 HIGH
python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request.
CVE-2015-5146 3 Debian, Fedoraproject, Ntp 3 Debian Linux, Fedora, Ntp 2026-06-17 3.5 LOW 5.3 MEDIUM
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.
CVE-2015-5144 4 Canonical, Debian, Djangoproject and 1 more 4 Ubuntu Linux, Debian Linux, Django and 1 more 2026-06-17 4.3 MEDIUM N/A
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
CVE-2015-5091 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2026-06-17 7.8 HIGH N/A
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data.
CVE-2015-5074 1 X2engine 1 X2crm 2026-06-17 7.5 HIGH N/A
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.
CVE-2015-5044 1 Ibm 1 Qradar Security Information And Event Manager 2026-06-17 3.3 LOW N/A
The Flow Collector in IBM Security QRadar QFLOW 7.1.x before 7.1 MR2 Patch 11 IF3 and 7.2.x before 7.2.5 Patch 4 IF3 allows remote attackers to cause a denial of service via unspecified packets.
CVE-2015-5042 1 Ibm 1 Emptoris Contract Management 2026-06-17 5.0 MEDIUM 7.5 HIGH
IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.