Vulnerabilities > Code
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-12-16 | CVE-2015-7204 | Code vulnerability in multiple products Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | 6.8 |
2015-12-11 | CVE-2015-7045 | Code vulnerability in Apple mac OS X and Tvos Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors. | 5.0 |
2015-12-03 | CVE-2015-0859 | Code vulnerability in Debian Linux 7.0/8.0 The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments. | 7.5 |
2015-11-08 | CVE-2015-4963 | Code vulnerability in IBM Security Access Manager for web IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | 7.5 |
2015-11-06 | CVE-2015-8082 | Code vulnerability in Login Disable Project Login Disable 6.X1.0/7.X1.0/7.X1.1 The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL Login modules. | 7.5 |
2015-11-05 | CVE-2015-7200 | Code vulnerability in Mozilla Firefox and Firefox ESR The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. | 7.5 |
2015-11-05 | CVE-2015-7196 | Code vulnerability in Mozilla Firefox and Firefox ESR Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. | 6.8 |
2015-11-05 | CVE-2015-7192 | Code vulnerability in Mozilla Firefox The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. | 7.5 |
2015-10-23 | CVE-2015-7023 | Code vulnerability in Apple Iphone OS and mac OS X CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. | 5.8 |
2015-10-23 | CVE-2015-7035 | Code vulnerability in Apple mac OS X Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors. | 7.5 |