Vulnerabilities (CVE)

Filtered by CWE-20
Total 11613 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3802 1 Apple 2 Iphone Os, Mac Os X 2026-06-17 7.2 HIGH N/A
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
CVE-2015-3787 1 Apple 1 Mac Os X 2026-06-17 3.3 LOW N/A
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.
CVE-2015-3774 1 Apple 1 Mac Os X 2026-06-17 4.8 MEDIUM N/A
The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.
CVE-2015-3760 1 Apple 1 Mac Os X 2026-06-17 7.2 HIGH N/A
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
CVE-2015-3758 1 Apple 1 Iphone Os 2026-06-17 4.3 MEDIUM N/A
UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
CVE-2015-3726 1 Apple 1 Iphone Os 2026-06-17 4.6 MEDIUM N/A
The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.
CVE-2015-3649 1 Open-uri-cached Project 1 Open-uri-cached 2026-06-17 4.6 MEDIUM 7.8 HIGH
The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.
CVE-2015-3639 1 Phpmybackuppro 1 Phpmybackuppro 2026-06-17 6.5 MEDIUM 8.8 HIGH
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file.
CVE-2015-3621 1 Sap 1 Enterprise Central Component 2026-06-17 9.3 HIGH N/A
Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program.
CVE-2015-3455 3 Fedoraproject, Oracle, Squid-cache 4 Fedora, Linux, Solaris and 1 more 2026-06-17 2.6 LOW N/A
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
CVE-2015-3419 1 Vbulletin 1 Vbulletin 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.
CVE-2015-3411 2 Php, Redhat 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more 2026-06-17 6.4 MEDIUM 6.5 MEDIUM
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.
CVE-2015-3330 4 Apple, Oracle, Php and 1 more 11 Mac Os X, Linux, Solaris and 8 more 2026-06-17 6.8 MEDIUM N/A
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."
CVE-2015-3323 1 Lenovo 6 Thinkserver Rd350, Thinkserver Rd450, Thinkserver Rd550 and 3 more 2026-06-17 5.0 MEDIUM N/A
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.
CVE-2015-3318 5 Ca, Hp, Ibm and 2 more 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more 2026-06-17 4.6 MEDIUM N/A
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors.
CVE-2015-3288 1 Linux 1 Linux Kernel 2026-06-17 7.2 HIGH 7.8 HIGH
mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.
CVE-2015-3278 1 Nss Compat Ossl Project 1 Nss Compat Ossl 2026-06-17 7.5 HIGH 9.8 CRITICAL
The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors.
CVE-2015-3254 1 Apache 1 Thrift 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
CVE-2015-3245 1 Redhat 1 Libuser 2026-06-17 2.1 LOW N/A
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.
CVE-2015-3237 3 Haxx, Hp, Oracle 5 Curl, Libcurl, System Management Homepage and 2 more 2026-06-17 6.4 MEDIUM N/A
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.