Total
1775 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2825 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | |||||
CVE-2015-7215 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. | |||||
CVE-2016-1956 | 4 Linux, Mozilla, Novell and 1 more | 5 Linux Kernel, Firefox, Suse Package Hub For Suse Linux Enterprise and 2 more | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. | |||||
CVE-2016-5157 | 3 Fedoraproject, Google, Opensuse | 3 Fedora, Chrome, Leap | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data. | |||||
CVE-2016-0605 | 3 Opensuse, Oracle, Redhat | 4 Leap, Opensuse, Mysql and 1 more | 2024-02-04 | 2.1 LOW | N/A |
Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. | |||||
CVE-2016-5421 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-1687 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions. | |||||
CVE-2016-1957 | 4 Mozilla, Novell, Opensuse and 1 more | 7 Firefox, Firefox Esr, Thunderbird and 4 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. | |||||
CVE-2015-8948 | 3 Canonical, Gnu, Opensuse | 4 Ubuntu Linux, Libidn, Leap and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. | |||||
CVE-2016-2795 | 5 Mozilla, Opensuse, Oracle and 2 more | 7 Firefox, Firefox Esr, Leap and 4 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. | |||||
CVE-2016-1974 | 4 Mozilla, Opensuse, Oracle and 1 more | 7 Firefox, Firefox Esr, Thunderbird and 4 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. | |||||
CVE-2015-8077 | 2 Cyrus, Opensuse | 3 Imap, Leap, Opensuse | 2024-02-04 | 7.5 HIGH | N/A |
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. | |||||
CVE-2016-1659 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Chrome and 2 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2015-7221 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. | |||||
CVE-2016-6352 | 3 Canonical, Gnome, Opensuse | 4 Ubuntu Linux, Gdk-pixbuf, Leap and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | |||||
CVE-2016-8910 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2024-02-04 | 2.1 LOW | 6.0 MEDIUM |
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. | |||||
CVE-2015-8076 | 2 Cyrus, Opensuse | 3 Imap, Leap, Opensuse | 2024-02-04 | 7.5 HIGH | N/A |
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read. | |||||
CVE-2016-3630 | 5 Debian, Fedoraproject, Mercurial and 2 more | 7 Debian Linux, Fedora, Mercurial and 4 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. | |||||
CVE-2016-2806 | 4 Debian, Mozilla, Opensuse and 1 more | 5 Debian Linux, Firefox, Leap and 2 more | 2024-02-04 | 10.0 HIGH | 8.8 HIGH |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2016-2832 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. |