Total
11613 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1607 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Gnupg | 2026-06-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." | |||||
| CVE-2015-1604 | 1 Adminsystems Cms Project | 1 Adminsystems Cms | 2026-06-17 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/. | |||||
| CVE-2015-1555 | 1 Zend | 1 Zend Framework | 2026-06-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators. | |||||
| CVE-2015-1554 | 1 Kgb-bot Project | 1 Kgb-bot | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2015-1525 | 1 Google | 1 Android | 2026-06-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. | |||||
| CVE-2015-1492 | 1 Symantec | 1 Endpoint Protection Manager | 2026-06-17 | 8.5 HIGH | N/A |
| Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. | |||||
| CVE-2015-1487 | 1 Symantec | 1 Endpoint Protection Manager | 2026-06-17 | 5.5 MEDIUM | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename. | |||||
| CVE-2015-1483 | 2 Linux, Symantec | 2 Linux Kernel, Netbackup Opscenter | 2026-06-17 | 7.5 HIGH | N/A |
| Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | |||||
| CVE-2015-1443 | 1 Fli4l | 1 Fli4l | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code. | |||||
| CVE-2015-1425 | 1 Jakweb | 1 Gecko Cms | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities | |||||
| CVE-2015-1382 | 3 Debian, Opensuse, Privoxy | 3 Debian Linux, Opensuse, Privoxy | 2026-06-17 | 5.0 MEDIUM | N/A |
| parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. | |||||
| CVE-2015-1380 | 3 Opensuse, Oracle, Privoxy | 3 Opensuse, Solaris, Privoxy | 2026-06-17 | 5.0 MEDIUM | N/A |
| jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. | |||||
| CVE-2015-1379 | 1 Dest-unreach | 1 Socat | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). | |||||
| CVE-2015-1371 | 1 Ferretcms Project | 1 Ferretcms | 2026-06-17 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/. | |||||
| CVE-2015-1337 | 2 Canonical, Simpestreams Project | 2 Ubuntu Linux, Simplestreams | 2026-06-17 | 6.8 MEDIUM | N/A |
| Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response. | |||||
| CVE-2015-1326 | 1 Python-dbusmock Project | 1 Python-dbusmock | 2026-06-17 | 9.3 HIGH | 5.7 MEDIUM |
| python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file. | |||||
| CVE-2015-1319 | 1 Canonical | 1 Ubuntu Linux | 2026-06-17 | 2.1 LOW | N/A |
| The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive. | |||||
| CVE-2015-1303 | 1 Google | 1 Chrome | 2026-06-17 | 7.5 HIGH | N/A |
| bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element. | |||||
| CVE-2015-1302 | 1 Google | 1 Chrome | 2026-06-17 | 7.5 HIGH | N/A |
| The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc. | |||||
| CVE-2015-1284 | 3 Google, Opensuse, Redhat | 5 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 2 more | 2026-06-17 | 7.5 HIGH | N/A |
| The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements. | |||||
