CVE-2017-14734

The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1.

Source: CVE-2017-14734

CVE-2015-5181

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.

Source: CVE-2015-5181

CVE-2015-5182

Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.

Source: CVE-2015-5182

CVE-2015-5183

The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.

Source: CVE-2015-5183

CVE-2015-5184

The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and perform other unspecified impact.

Source: CVE-2015-5184

CVE-2015-5263

pulp-consumer-client 2.4.0 through 2.6.3 does not check the server’s TLS certificate signatures when retrieving the server’s public key upon registration.

Source: CVE-2015-5263

CVE-2015-5704

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

Source: CVE-2015-5704

CVE-2015-5666

ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates.

Source: CVE-2015-5666

CVE-2015-5327

Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.

Source: CVE-2015-5327

CVE-2015-5169

Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.

Source: CVE-2015-5169