Search Results (26284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-8217 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.
CVE-2015-8218 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.
CVE-2015-8226 1 Huawei 2 Ale Firmware, Gem-703l Firmware 2025-04-12 N/A
The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225.
CVE-2015-8229 1 Huawei 3 Espace Firmware, Espace Unified Gateway U2980, Espace Unified Gateway U2990 2025-04-12 N/A
Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered device.
CVE-2015-8232 1 Uc Profile Project 1 Uc Profile 2025-04-12 N/A
The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors.
CVE-2015-8280 1 Samsung 1 Web Viewer 2025-04-12 N/A
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages.
CVE-2015-8289 1 Netgear 4 D3600, D3600 Firmware, D6000 and 1 more 2025-04-12 N/A
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.
CVE-2015-8303 1 Huawei 1 Document Security Management 2025-04-12 N/A
Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file.
CVE-2015-8305 1 Huawei 2 P7, P7 Firmware 2025-04-12 N/A
Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege.
CVE-2015-8564 1 Joomla 1 Joomla\! 2025-04-12 N/A
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
CVE-2015-8565 1 Joomla 1 Joomla\! 2025-04-12 N/A
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2015-8569 1 Linux 1 Linux Kernel 2025-04-12 N/A
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
CVE-2015-8575 1 Linux 1 Linux Kernel 2025-04-12 N/A
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
CVE-2015-8601 1 Chat Room Project 1 Chat Room 2025-04-12 N/A
The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors.
CVE-2015-8607 3 Canonical, Debian, Perl 3 Ubuntu Linux, Debian Linux, Pathtools 2025-04-12 N/A
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
CVE-2015-8669 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2015-8682 1 Huawei 4 Mate S, Mate S Firmware, P8 and 1 more 2025-04-12 N/A
The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.
CVE-2015-8688 1 Gajim 1 Gajim 2025-04-12 N/A
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
CVE-2015-8702 2 Debian, Inspircd 2 Debian Linux, Inspircd 2025-04-12 N/A
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.
CVE-2015-8705 1 Isc 1 Bind 2025-04-12 N/A
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.