LiveActive security incident?Get immediate response
CVE archive

June 2015

Browse CVE records published in June 2015, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 592 matching CVEs · Page 2 of 12.

Unknown · CVSS Not scored

CVE-2015-8875: Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3)...

Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.

Published Jun 1, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8800: Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: C...

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.

Published Jun 8, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8798: Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System P...

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.

Published Jun 8, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8799: Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System P...

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.

Published Jun 8, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8698: CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5...

CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published Jun 29, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8288: NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the s...

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

Published Jun 20, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8157: SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protect...

SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Published Jun 8, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-7888: Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2...

Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.

Published Jun 7, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-5723: Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x...

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

Published Jun 7, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-5473: Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to del...

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.

Published Jun 1, 2017 · Updated Aug 6, 2024