Vulnerabilities (CVE)

Filtered by CWE-20
Total 11613 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1607 2 Canonical, Gnupg 2 Ubuntu Linux, Gnupg 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
CVE-2015-1604 1 Adminsystems Cms Project 1 Adminsystems Cms 2026-06-17 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/.
CVE-2015-1555 1 Zend 1 Zend Framework 2026-06-17 6.4 MEDIUM 9.1 CRITICAL
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.
CVE-2015-1554 1 Kgb-bot Project 1 Kgb-bot 2026-06-17 5.0 MEDIUM 7.5 HIGH
kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash).
CVE-2015-1525 1 Google 1 Android 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address.
CVE-2015-1492 1 Symantec 1 Endpoint Protection Manager 2026-06-17 8.5 HIGH N/A
Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package.
CVE-2015-1487 1 Symantec 1 Endpoint Protection Manager 2026-06-17 5.5 MEDIUM N/A
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.
CVE-2015-1483 2 Linux, Symantec 2 Linux Kernel, Netbackup Opscenter 2026-06-17 7.5 HIGH N/A
Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors.
CVE-2015-1443 1 Fli4l 1 Fli4l 2026-06-17 9.0 HIGH 8.8 HIGH
The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code.
CVE-2015-1425 1 Jakweb 1 Gecko Cms 2026-06-17 7.5 HIGH 9.8 CRITICAL
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities
CVE-2015-1382 3 Debian, Opensuse, Privoxy 3 Debian Linux, Opensuse, Privoxy 2026-06-17 5.0 MEDIUM N/A
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
CVE-2015-1380 3 Opensuse, Oracle, Privoxy 3 Opensuse, Solaris, Privoxy 2026-06-17 5.0 MEDIUM N/A
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
CVE-2015-1379 1 Dest-unreach 1 Socat 2026-06-17 5.0 MEDIUM 7.5 HIGH
The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).
CVE-2015-1371 1 Ferretcms Project 1 Ferretcms 2026-06-17 7.5 HIGH N/A
Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/.
CVE-2015-1337 2 Canonical, Simpestreams Project 2 Ubuntu Linux, Simplestreams 2026-06-17 6.8 MEDIUM N/A
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
CVE-2015-1326 1 Python-dbusmock Project 1 Python-dbusmock 2026-06-17 9.3 HIGH 5.7 MEDIUM
python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.
CVE-2015-1319 1 Canonical 1 Ubuntu Linux 2026-06-17 2.1 LOW N/A
The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive.
CVE-2015-1303 1 Google 1 Chrome 2026-06-17 7.5 HIGH N/A
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.
CVE-2015-1302 1 Google 1 Chrome 2026-06-17 7.5 HIGH N/A
The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc.
CVE-2015-1284 3 Google, Opensuse, Redhat 5 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 2 more 2026-06-17 7.5 HIGH N/A
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.