Total
1917 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7213 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. | |||||
CVE-2015-7212 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. | |||||
CVE-2015-7211 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. | |||||
CVE-2015-7210 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. | |||||
CVE-2015-7208 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. | |||||
CVE-2015-7207 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300. | |||||
CVE-2015-7205 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 10.0 HIGH | N/A |
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. | |||||
CVE-2015-7204 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | |||||
CVE-2015-7203 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 10.0 HIGH | N/A |
Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. | |||||
CVE-2015-7202 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2015-7201 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2015-6031 | 4 Canonical, Debian, Miniupnp Project and 1 more | 5 Ubuntu Linux, Debian Linux, Miniupnpc and 2 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name. | |||||
CVE-2015-5969 | 2 Opensuse, Suse | 6 Leap, Opensuse, Linux Enterprise Desktop and 3 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments. | |||||
CVE-2015-5828 | 2 Apple, Opensuse | 2 Safari, Leap | 2024-11-21 | 4.3 MEDIUM | N/A |
The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site. | |||||
CVE-2015-5479 | 3 Libav, Opensuse, Ubuntu | 3 Libav, Leap, Ubuntu | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. | |||||
CVE-2015-5309 | 2 Opensuse, Simon Tatham | 3 Leap, Opensuse, Putty | 2024-11-21 | 4.3 MEDIUM | N/A |
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow. | |||||
CVE-2015-5300 | 7 Canonical, Debian, Fedoraproject and 4 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | |||||
CVE-2015-5291 | 5 Arm, Debian, Fedoraproject and 2 more | 6 Mbed Tls, Debian Linux, Fedora and 3 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. | |||||
CVE-2015-5221 | 4 Fedoraproject, Jasper Project, Opensuse and 1 more | 5 Fedora, Jasper, Leap and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | |||||
CVE-2015-5219 | 10 Canonical, Debian, Fedoraproject and 7 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. |