Total
165 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2735 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2024-02-04 | 9.3 HIGH | N/A |
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. | |||||
CVE-2015-6735 | 1 Timedmediahandler Project | 1 Timedmediahandler | 2024-02-04 | 5.0 MEDIUM | N/A |
The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode. | |||||
CVE-2015-5894 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | N/A |
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | |||||
CVE-2013-7424 | 1 Gnu | 1 Glibc | 2024-02-04 | 5.1 MEDIUM | N/A |
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. | |||||
CVE-2015-2720 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.4 MEDIUM | N/A |
The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file. | |||||
CVE-2015-0275 | 2 Linux, Oracle | 2 Linux Kernel, Linux | 2024-02-04 | 4.9 MEDIUM | N/A |
The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. | |||||
CVE-2015-6823 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-04 | 7.5 HIGH | N/A |
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. | |||||
CVE-2015-7793 | 1 Corega | 1 Cg-wlbaragm Firmware | 2024-02-04 | 5.0 MEDIUM | 5.8 MEDIUM |
Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors. | |||||
CVE-2015-4037 | 1 Qemu | 1 Qemu | 2024-02-04 | 1.9 LOW | N/A |
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. | |||||
CVE-2015-0859 | 1 Debian | 1 Debian Linux | 2024-02-04 | 7.5 HIGH | N/A |
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments. | |||||
CVE-2015-3292 | 1 Netapp | 1 Oncommand Workflow Automation | 2024-02-04 | 10.0 HIGH | N/A |
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2015-3177 | 1 Moodle | 1 Moodle | 2024-02-04 | 3.5 LOW | N/A |
Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request. | |||||
CVE-2015-2743 | 3 Mozilla, Novell, Oracle | 6 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 3 more | 2024-02-04 | 7.5 HIGH | N/A |
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass. | |||||
CVE-2015-4700 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | N/A |
The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. | |||||
CVE-2015-1452 | 1 Fortinet | 1 Fortios | 2024-02-04 | 7.8 HIGH | N/A |
The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages. | |||||
CVE-2015-0817 | 1 Mozilla | 3 Firefox, Firefox Esr, Seamonkey | 2024-02-04 | 6.8 MEDIUM | N/A |
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. | |||||
CVE-2015-1799 | 1 Ntp | 1 Ntp | 2024-02-04 | 4.3 MEDIUM | N/A |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. | |||||
CVE-2014-8172 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | N/A |
The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations. | |||||
CVE-2014-3637 | 2 Freedesktop, Opensuse | 2 Dbus, Opensuse | 2024-02-04 | 2.1 LOW | N/A |
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. | |||||
CVE-2015-1798 | 1 Ntp | 1 Ntp | 2024-02-04 | 1.8 LOW | N/A |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. |