Vulnerabilities (CVE)

Filtered by CWE-20
Total 11613 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0980 1 Scadaengine 1 Bacnet Opc Server 2026-06-17 9.0 HIGH N/A
Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request.
CVE-2015-0899 1 Apache 1 Struts 2026-06-17 5.0 MEDIUM 7.5 HIGH
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.
CVE-2015-0879 1 Almail 1 Al-mail32 2026-06-17 4.3 MEDIUM N/A
CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment.
CVE-2015-0853 1 Pysvn Project 1 Svn-workbench 2026-06-17 9.3 HIGH 8.8 HIGH
svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes).
CVE-2015-0850 1 Fusionforge 1 Fusionforge 2026-06-17 10.0 HIGH N/A
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.
CVE-2015-0810 2 Apple, Mozilla 2 Mac Os X, Firefox 2026-06-17 4.3 MEDIUM N/A
Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element.
CVE-2015-0799 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2026-06-17 4.3 MEDIUM N/A
The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header.
CVE-2015-0770 1 Cisco 1 Telepresence Tc Software 2026-06-17 5.0 MEDIUM N/A
CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341.
CVE-2015-0760 1 Cisco 1 Adaptive Security Appliance Software 2026-06-17 4.0 MEDIUM N/A
The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259.
CVE-2015-0759 1 Cisco 1 Headend Digital Broadband Delivery System 2026-06-17 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-0756 1 Cisco 1 Wireless Lan Controller 2026-06-17 6.1 MEDIUM N/A
Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104.
CVE-2015-0754 1 Cisco 1 Finesse 2026-06-17 7.5 HIGH N/A
Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810.
CVE-2015-0753 1 Cisco 1 Unified Web And E-mail Interaction Manager 2026-06-17 6.8 MEDIUM N/A
SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028.
CVE-2015-0751 1 Cisco 2 Ip Phone 7861, Unified Communications Manager 2026-06-17 7.8 HIGH N/A
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.
CVE-2015-0747 1 Cisco 3 Headend Digital Broadband Delivery System, Headend System Release, Videoscape Conductor 2026-06-17 4.3 MEDIUM N/A
Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408.
CVE-2015-0739 1 Cisco 10 Firesight System Software, Sourcefire 3d1000 Sensor, Sourcefire 3d2000 Sensor and 7 more 2026-06-17 4.0 MEDIUM N/A
The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938.
CVE-2015-0730 1 Cisco 1 Wide Area Application Services 2026-06-17 5.0 MEDIUM N/A
The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645.
CVE-2015-0726 1 Cisco 1 Wireless Lan Controller Software 2026-06-17 6.8 MEDIUM N/A
The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and CSCum65252.
CVE-2015-0725 1 Cisco 2 Videoscape Distribution Suite For Internet Streaming, Videoscape Distribution Suite Service Broker 2026-06-17 7.8 HIGH N/A
Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409.
CVE-2015-0717 1 Cisco 1 Unified Communications Manager 2026-06-17 6.9 MEDIUM N/A
Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.