Max CVSS 10.0 Min CVSS 1.9 Total Count301
IDCVSSSummaryLast (major) updatePublished
CVE-2014-9680 2.1
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demo
04-05-2017 - 17:09 24-04-2017 - 02:59
CVE-2015-5563 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5562 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by lever
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5561 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5560 10.0
Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute ar
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5559 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5558 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by lever
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5557 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5556 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5555 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by lever
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5554 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by lever
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5553 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5552 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5551 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5550 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5549 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5548 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5547 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5546 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5545 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5544 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5541 10.0
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5540 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5539 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5134 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5133 10.0
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arb
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5132 10.0
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arb
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5131 10.0
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arb
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5130 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5129 10.0
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5127 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5125 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to cause a denial of service (vect
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-3153 5.0
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
02-01-2017 - 22:00 01-05-2015 - 11:59
CVE-2015-3148 5.0
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
02-01-2017 - 22:00 24-04-2015 - 10:59
CVE-2015-3145 7.5
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via
02-01-2017 - 22:00 24-04-2015 - 10:59
CVE-2015-3143 5.0
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
02-01-2017 - 22:00 24-04-2015 - 10:59
CVE-2015-2573 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
02-01-2017 - 21:59 16-04-2015 - 13:00
CVE-2015-2571 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
02-01-2017 - 21:59 16-04-2015 - 13:00
CVE-2015-2568 5.0
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
02-01-2017 - 21:59 16-04-2015 - 13:00
CVE-2015-2041 4.6
net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a s
02-01-2017 - 21:59 21-04-2015 - 06:59
CVE-2015-1465 7.8
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (
02-01-2017 - 21:59 05-04-2015 - 17:59
CVE-2015-0505 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
02-01-2017 - 21:59 16-04-2015 - 12:59
CVE-2015-0501 5.7
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.
02-01-2017 - 21:59 16-04-2015 - 12:59
CVE-2015-0499 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.
02-01-2017 - 21:59 16-04-2015 - 12:59
CVE-2015-0441 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.
02-01-2017 - 21:59 16-04-2015 - 12:59
CVE-2015-0433 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
02-01-2017 - 21:59 16-04-2015 - 12:59
CVE-2015-0432 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.
02-01-2017 - 21:59 21-01-2015 - 14:59
CVE-2015-0411 7.5
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
02-01-2017 - 21:59 21-01-2015 - 14:59
CVE-2015-0391 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
02-01-2017 - 21:59 21-01-2015 - 13:59
CVE-2015-0382 4.3
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.
02-01-2017 - 21:59 21-01-2015 - 13:59
CVE-2015-0381 4.3
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.
02-01-2017 - 21:59 21-01-2015 - 13:59
CVE-2015-0374 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.
02-01-2017 - 21:59 21-01-2015 - 13:59
CVE-2015-0235 10.0
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu
02-01-2017 - 21:59 28-01-2015 - 14:59
CVE-2014-6568 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
02-01-2017 - 21:59 21-01-2015 - 10:28
CVE-2014-0191 4.3
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless
02-01-2017 - 21:59 21-01-2015 - 09:59
CVE-2015-5477 7.8
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
30-12-2016 - 21:59 29-07-2015 - 10:59
CVE-2015-5366 5.0
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect chec
30-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2015-5364 7.8
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet f
30-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2015-4148 5.0
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted seria
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-4147 7.5
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serial
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-4026 7.5
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files wi
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-4025 7.5
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-4024 5.0
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-4022 7.5
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer ove
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-4021 5.0
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a de
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-4000 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie
30-12-2016 - 21:59 20-05-2015 - 20:59
CVE-2015-3339 6.2
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but t
30-12-2016 - 21:59 27-05-2015 - 06:59
CVE-2015-3330 6.8
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or p
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-3329 7.5
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) ph
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-3307 7.5
The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a craf
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-3107 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe
30-12-2016 - 21:59 09-06-2015 - 21:59
CVE-2015-2922 3.3
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value
30-12-2016 - 21:59 27-05-2015 - 06:59
CVE-2015-2787 7.5
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call th
30-12-2016 - 21:59 30-03-2015 - 06:59
CVE-2015-2783 5.8
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length v
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-1792 5.0
The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL valu
30-12-2016 - 21:59 12-06-2015 - 15:59
CVE-2015-1791 6.8
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial
30-12-2016 - 21:59 12-06-2015 - 15:59
CVE-2015-1790 5.0
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)
30-12-2016 - 21:59 12-06-2015 - 15:59
CVE-2015-1789 4.3
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a cr
30-12-2016 - 21:59 12-06-2015 - 15:59
CVE-2015-1788 4.3
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial
30-12-2016 - 21:59 12-06-2015 - 15:59
CVE-2014-8109 4.3
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows rem
30-12-2016 - 21:59 29-12-2014 - 18:59
CVE-2014-7810 5.0
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attacker
30-12-2016 - 21:59 07-06-2015 - 19:59
CVE-2014-0230 7.8
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (
30-12-2016 - 21:59 07-06-2015 - 19:59
CVE-2015-4003 7.8
The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
27-12-2016 - 21:59 07-06-2015 - 19:59
CVE-2015-4002 9.0
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or po
27-12-2016 - 21:59 07-06-2015 - 19:59
CVE-2015-4001 9.0
Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary co
27-12-2016 - 21:59 07-06-2015 - 19:59
CVE-2015-1420 1.9
Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of
27-12-2016 - 21:59 16-03-2015 - 06:59
CVE-2015-6251 5.0
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
23-12-2016 - 21:59 24-08-2015 - 10:59
CVE-2015-5782 4.3
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
23-12-2016 - 21:59 16-08-2015 - 20:01
CVE-2015-5781 4.3
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
23-12-2016 - 21:59 16-08-2015 - 20:01
CVE-2015-5778 6.8
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE
23-12-2016 - 21:59 16-08-2015 - 20:01
CVE-2015-5777 6.8
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE
23-12-2016 - 21:59 16-08-2015 - 20:01
CVE-2015-5776 7.5
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-5775 7.5
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-380
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-5774 7.2
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-5773 6.8
QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-5761 6.8
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-5758 6.8
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-5757 9.3
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-5756 6.8
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-380
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-5755 6.8
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-5600 8.5
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force at
23-12-2016 - 21:59 02-08-2015 - 21:59
CVE-2015-5352 4.3
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictio
23-12-2016 - 21:59 02-08-2015 - 21:59
CVE-2015-4879 4.6
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4864 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4819 7.2
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2015-4816 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2015-4760 10.0
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
23-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-4749 4.3
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.
23-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-4748 7.6
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
23-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-4736 9.3
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
23-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-4733 10.0
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
23-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-4732 10.0
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability th
23-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-4731 10.0
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
23-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-4729 4.0
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
23-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-4495 4.3
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript
23-12-2016 - 21:59 07-08-2015 - 20:59
CVE-2015-4493 9.3
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds c
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4492 7.5
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4491 6.8
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers t
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4490 4.3
The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matchi
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4489 7.5
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a se
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4488 7.5
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4487 7.5
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4486 10.0
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4485 10.0
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4484 5.0
The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of sha
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4483 4.3
Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4482 4.6
mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4481 3.3
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log fi
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4480 9.3
Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4479 10.0
Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4478 5.0
Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse m
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4477 10.0
Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4475 7.5
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4474 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4473 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-3807 4.3
libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3806 7.2
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3805 7.2
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3804 7.5
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-575
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3803 7.2
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3802 7.2
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3800 7.2
The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3798 7.5
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a differen
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3797 7.5
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a differen
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3796 7.5
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a differen
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3795 9.3
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3784 5.0
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3782 4.3
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3778 3.3
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3776 9.3
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3768 9.3
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3766 4.3
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3755 4.3
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3754 4.3
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted we
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3753 5.0
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3752 5.0
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allow
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3751 5.0
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3750 6.4
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requ
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3749 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3748 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3747 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3746 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3745 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3744 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3743 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3742 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3741 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3740 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3739 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3738 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3737 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3736 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3735 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3734 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3733 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3732 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3731 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3730 6.8
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3729 4.3
Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted sit
23-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2015-3636 4.9
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and sy
23-12-2016 - 21:59 05-08-2015 - 21:59
CVE-2015-3187 4.0
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node tha
23-12-2016 - 21:59 12-08-2015 - 10:59
CVE-2015-3185 4.3
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote
23-12-2016 - 21:59 20-07-2015 - 19:59
CVE-2015-3183 5.0
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large c
23-12-2016 - 21:59 20-07-2015 - 19:59
CVE-2015-2664 6.9
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
23-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-2638 10.0
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
23-12-2016 - 21:59 16-07-2015 - 06:59
CVE-2015-2637 5.0
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
23-12-2016 - 21:59 16-07-2015 - 06:59
CVE-2015-2632 5.0
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
23-12-2016 - 21:59 16-07-2015 - 06:59
CVE-2015-2625 2.6
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.
23-12-2016 - 21:59 16-07-2015 - 06:59
CVE-2015-2621 5.0
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX.
23-12-2016 - 21:59 16-07-2015 - 06:59
CVE-2015-2619 5.0
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
23-12-2016 - 21:59 16-07-2015 - 06:59
CVE-2015-2613 5.0
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
23-12-2016 - 21:59 16-07-2015 - 06:59
CVE-2015-2601 5.0
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
23-12-2016 - 21:59 16-07-2015 - 06:59
CVE-2015-2590 10.0
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability th
23-12-2016 - 21:59 16-07-2015 - 06:59
CVE-2015-5754 9.3
Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping asso
21-12-2016 - 22:00 16-08-2015 - 20:00
CVE-2015-5124 10.0
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow atta
21-12-2016 - 21:59 20-07-2015 - 19:59
CVE-2015-4757 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
21-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-4752 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
21-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-4737 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.
21-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-4700 4.9
The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late co
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2015-4692 4.9
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm ac
21-12-2016 - 21:59 27-07-2015 - 06:59
CVE-2015-4167 4.7
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted
21-12-2016 - 21:59 05-08-2015 - 14:59
CVE-2015-4036 7.2
Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI
21-12-2016 - 21:59 31-08-2015 - 16:59
CVE-2015-3799 9.3
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app.
21-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3290 7.2
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2015-3212 4.9
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2015-3144 9.0
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via
21-12-2016 - 21:59 24-04-2015 - 10:59
CVE-2015-3026 5.0
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "ad
21-12-2016 - 21:59 29-04-2015 - 16:59
CVE-2015-2648 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
21-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-2643 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
21-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2015-2620 4.3
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.
21-12-2016 - 21:59 16-07-2015 - 06:59
CVE-2015-2582 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
21-12-2016 - 21:59 16-07-2015 - 06:59
CVE-2014-9731 2.1
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2014-9730 4.9
The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2014-9729 4.9
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2014-9728 4.9
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2014-3775 7.5
libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.
21-12-2016 - 21:59 22-05-2014 - 07:14
CVE-2013-7422 7.5
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associa
21-12-2016 - 21:59 16-08-2015 - 19:59
CVE-2013-6487 7.5
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.
21-12-2016 - 21:59 06-02-2014 - 12:00
CVE-2013-4488 4.3
libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.
21-12-2016 - 21:59 09-10-2014 - 21:55
CVE-2015-3783 7.5
SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
07-12-2016 - 22:08 16-08-2015 - 19:59
CVE-2014-8150 4.3
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
07-12-2016 - 22:06 15-01-2015 - 10:59
CVE-2014-3660 5.0
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing
07-12-2016 - 22:05 04-11-2014 - 11:55
CVE-2014-3583 5.0
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
07-12-2016 - 22:05 15-12-2014 - 13:59
CVE-2015-6737 4.3
Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content.
07-12-2016 - 13:21 01-09-2015 - 10:59
CVE-2015-6736 5.0
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.
07-12-2016 - 13:21 01-09-2015 - 10:59
CVE-2015-6735 5.0
The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode.
07-12-2016 - 13:21 01-09-2015 - 10:59
CVE-2015-6734 4.3
Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web
07-12-2016 - 13:21 01-09-2015 - 10:59
CVE-2015-6733 5.0
GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.
07-12-2016 - 13:21 01-09-2015 - 10:59
CVE-2015-6731 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3) label_*, or (4) new_template parameter to Special:
07-12-2016 - 13:21 01-09-2015 - 10:59
CVE-2015-6730 4.3
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an
07-12-2016 - 13:21 01-09-2015 - 10:59
CVE-2015-6729 4.3
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled i
07-12-2016 - 13:21 01-09-2015 - 10:59
CVE-2015-6728 7.5
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protecti
07-12-2016 - 13:21 01-09-2015 - 10:59
CVE-2014-8151 5.8
The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the ses
02-12-2016 - 22:01 15-01-2015 - 10:59
CVE-2014-3707 4.3
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to r
02-12-2016 - 22:01 15-11-2014 - 15:59
CVE-2014-3620 5.0
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
02-12-2016 - 22:01 18-11-2014 - 10:59
CVE-2014-3613 5.0
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a s
02-12-2016 - 22:01 18-11-2014 - 10:59
CVE-2015-5784 9.3
runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
28-11-2016 - 14:36 16-08-2015 - 20:01
CVE-2015-5783 9.3
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770.
28-11-2016 - 14:36 16-08-2015 - 20:01
CVE-2015-5779 7.5
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:35 16-08-2015 - 20:01
CVE-2015-5772 6.8
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file.
28-11-2016 - 14:35 16-08-2015 - 20:00
CVE-2015-5771 6.8
Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file.
28-11-2016 - 14:35 16-08-2015 - 20:00
CVE-2015-5768 4.3
AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
28-11-2016 - 14:35 16-08-2015 - 20:00
CVE-2015-5763 7.2
ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
28-11-2016 - 14:35 16-08-2015 - 20:00
CVE-2015-5753 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:35 16-08-2015 - 20:00
CVE-2015-5751 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:35 16-08-2015 - 20:00
CVE-2015-5750 7.5
Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters.
28-11-2016 - 14:35 16-08-2015 - 20:00
CVE-2015-5748 2.1
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
28-11-2016 - 14:35 16-08-2015 - 20:00
CVE-2015-5747 4.9
The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors.
28-11-2016 - 14:35 16-08-2015 - 20:00
CVE-2015-3794 6.8
The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string.
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3792 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3791 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3790 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3789 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3788 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3787 3.3
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3786 4.3
The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3781 4.3
Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3780 4.3
The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3779 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-201
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3777 7.2
Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3775 7.2
Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3774 4.8
The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3773 7.5
The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3772 7.2
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3771 7.2
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3772.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3770 9.3
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3769 7.2
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3771 and CVE-2015-3772.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3767 7.2
udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3765 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3779, CVE-2015-3788, CVE-201
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3764 4.3
Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3762 5.0
The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML Ext
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3761 7.2
The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-3760 7.2
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
28-11-2016 - 14:25 16-08-2015 - 19:59
CVE-2015-3757 2.1
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.
28-11-2016 - 14:25 16-08-2015 - 19:59
CVE-2015-0253 5.0
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending
28-11-2016 - 14:16 20-07-2015 - 19:59
CVE-2015-0228 5.0
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script ha
28-11-2016 - 14:16 07-03-2015 - 21:59
CVE-2014-9365 5.8
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify tha
28-11-2016 - 14:13 12-12-2014 - 06:59
CVE-2014-9140 5.0
Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.
28-11-2016 - 14:13 05-12-2014 - 11:59
CVE-2014-1912 7.5
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
28-11-2016 - 14:10 28-02-2014 - 19:55
CVE-2014-0106 6.6
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variab
28-11-2016 - 14:10 11-03-2014 - 15:37
CVE-2014-0067 4.6
The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by le
28-11-2016 - 14:10 31-03-2014 - 10:58
CVE-2013-7440 4.3
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
28-11-2016 - 14:10 07-06-2016 - 14:59
CVE-2013-7424 5.1
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demon
28-11-2016 - 14:10 26-08-2015 - 15:59
CVE-2013-7338 7.1
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines,
28-11-2016 - 14:10 22-04-2014 - 10:23
CVE-2013-7040 4.3
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attack
28-11-2016 - 14:10 19-05-2014 - 10:55
CVE-2013-2776 4.4
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo pe
28-11-2016 - 14:09 08-04-2013 - 13:55
CVE-2013-1775 6.9
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp t
28-11-2016 - 14:08 05-03-2013 - 16:38
CVE-2014-9028 7.5
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
25-10-2016 - 22:00 26-11-2014 - 10:59
CVE-2014-8962 7.5
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
25-10-2016 - 22:00 26-11-2014 - 10:59
CVE-2014-8769 6.4
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of
17-10-2016 - 23:45 20-11-2014 - 12:50
CVE-2014-8767 5.0
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.
17-10-2016 - 23:45 20-11-2014 - 12:50
CVE-2014-7185 6.4
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
14-10-2016 - 21:59 08-10-2014 - 13:55
CVE-2014-3581 5.0
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP
11-10-2016 - 21:59 10-10-2014 - 06:55
CVE-2013-1776 4.4
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via
08-09-2016 - 21:59 08-04-2013 - 13:55
CVE-2014-4043 7.5
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
06-04-2016 - 08:13 06-10-2014 - 19:55
CVE-2013-2777 4.4
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vect
30-03-2016 - 17:54 08-04-2013 - 13:55
CVE-2009-5078 6.4
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.
30-03-2016 - 17:36 30-06-2011 - 11:55
CVE-2009-5044 3.3
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
30-03-2016 - 17:36 24-06-2011 - 16:55
CVE-2015-5128
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
08-10-2015 - 06:59 08-10-2015 - 06:59
CVE-2015-6727 5.0
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
02-09-2015 - 13:19 01-09-2015 - 10:59
CVE-2013-7444 5.0
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
02-09-2015 - 12:30 01-09-2015 - 10:59
Back to Top Mark selected
Back to Top