Total
29787 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5573 | 6 Adobe, Apple, Google and 3 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2025-04-12 | N/A |
| Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." | ||||
| CVE-2015-5562 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | N/A |
| Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-5554, CVE-2015-5555, and CVE-2015-5558. | ||||
| CVE-2015-5554 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | N/A |
| Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-5555, CVE-2015-5558, and CVE-2015-5562. | ||||
| CVE-2015-5550 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. | ||||
| CVE-2015-5503 | 1 Chamilo Integration Project | 1 Chamilo Integration | 2025-04-12 | N/A |
| Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | ||||
| CVE-2015-5204 | 1 Apache | 1 Cordova File Transfer | 2025-04-12 | N/A |
| CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. | ||||
| CVE-2015-5257 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the correct ID of CVE-2015-8320. | ||||
| CVE-2015-5285 | 1 Kallithea-scm | 1 Kallithea | 2025-04-12 | N/A |
| CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. | ||||
| CVE-2015-5465 | 1 Sis | 1 Windows Vga Display Manager | 2025-04-12 | N/A |
| Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call. | ||||
| CVE-2015-5210 | 1 Apache | 1 Ambari | 2025-04-12 | N/A |
| Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter. | ||||
| CVE-2015-4692 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. | ||||
| CVE-2015-5038 | 1 Ibm | 1 Connections | 2025-04-12 | N/A |
| IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | ||||
| CVE-2015-5062 | 1 Silverstripe | 1 Silverstripe | 2025-04-12 | N/A |
| Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build. | ||||
| CVE-2015-5068 | 1 Sap | 1 Mobile Platform | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601. | ||||
| CVE-2015-4297 | 1 Cisco | 1 Webex Node For Mcs | 2025-04-12 | N/A |
| Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136. | ||||
| CVE-2015-4363 | 1 Finder Project | 1 Finder | 2025-04-12 | N/A |
| Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2015-4371 | 1 Perfecto Project | 1 Perfecto | 2025-04-12 | N/A |
| Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | ||||
| CVE-2015-4456 | 1 Owncloud | 1 Owncloud Desktop Client | 2025-04-12 | N/A |
| ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate. | ||||
| CVE-2015-4477 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API. | ||||
| CVE-2015-4497 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element. | ||||