Total
165 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2922 | 5 Debian, Fedoraproject, Linux and 2 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-02-04 | 3.3 LOW | N/A |
| The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | |||||
| CVE-2014-8155 | 1 Gnu | 1 Gnutls | 2024-02-04 | 4.3 MEDIUM | N/A |
| GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. | |||||
| CVE-2015-0847 | 2 Canonical, Wouter Verhelst | 2 Ubuntu Linux, Nbd | 2024-02-04 | 7.8 HIGH | N/A |
| nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. | |||||
| CVE-2015-7196 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-04 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. | |||||
| CVE-2015-1259 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 7.5 HIGH | N/A |
| PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2015-8547 | 2 Opensuse, Quassel-irc | 3 Leap, Opensuse, Quassel | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. | |||||
| CVE-2015-6760 | 1 Google | 1 Chrome | 2024-02-04 | 7.5 HIGH | N/A |
| The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. | |||||
| CVE-2015-4963 | 1 Ibm | 1 Security Access Manager For Web | 2024-02-04 | 7.5 HIGH | N/A |
| IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||
| CVE-2015-7311 | 1 Xen | 1 Xen | 2024-02-04 | 3.6 LOW | N/A |
| libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. | |||||
| CVE-2016-1940 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing. | |||||
| CVE-2015-2535 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2012 | 2024-02-04 | 4.0 MEDIUM | N/A |
| Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka "Active Directory Denial of Service Vulnerability." | |||||
| CVE-2015-4335 | 2 Debian, Redislabs | 2 Debian Linux, Redis | 2024-02-04 | 10.0 HIGH | N/A |
| Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. | |||||
| CVE-2015-8216 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-04 | 7.5 HIGH | N/A |
| The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. | |||||
| CVE-2015-6736 | 1 Quiz Project | 1 Quiz | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. | |||||
| CVE-2015-5229 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. | |||||
| CVE-2015-1263 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2015-5912 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
| The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. | |||||
| CVE-2015-7192 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2024-02-04 | 7.5 HIGH | N/A |
| The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. | |||||
| CVE-2015-6822 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-04 | 7.5 HIGH | N/A |
| The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. | |||||
| CVE-2015-8027 | 1 Nodejs | 1 Node.js | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request. | |||||