LiveActive security incident?Get immediate response
CVE archive

June 2015

Browse CVE records published in June 2015, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 592 matching CVEs · Page 3 of 12.

Unknown · CVSS Not scored

CVE-2015-4641: Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4,...

Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.

Published Jun 19, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-4606: Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when usi...

Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the extension upload folder.

Published Jun 16, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-4640: The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies o...

The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution.

Published Jun 19, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-4607: Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and earlier f...

Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension using a frontend form, then accessing it via a direct request to the file in the fileadmin folder.

Published Jun 16, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-4550: The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9...

The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, aka Bug ID CSCuu66218.

Published Jun 17, 2015 · Updated Aug 6, 2024