Search Results (1468 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2715 2 Mozilla, Opensuse 2 Firefox, Opensuse 2025-04-12 N/A
Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown.
CVE-2015-2774 3 Erlang, Opensuse, Oracle 3 Erlang\/otp, Opensuse, Solaris 2025-04-12 N/A
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
CVE-2015-2718 2 Mozilla, Opensuse 2 Firefox, Opensuse 2025-04-12 N/A
The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data.
CVE-2014-9672 5 Canonical, Debian, Freetype and 2 more 5 Ubuntu Linux, Debian Linux, Freetype and 2 more 2025-04-12 N/A
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.
CVE-2016-1942 2 Mozilla, Opensuse 3 Firefox, Leap, Opensuse 2025-04-12 N/A
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.
CVE-2014-9659 5 Canonical, Fedoraproject, Freetype and 2 more 5 Ubuntu Linux, Fedora, Freetype and 2 more 2025-04-12 N/A
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.
CVE-2016-1953 3 Mozilla, Novell, Opensuse 5 Firefox, Thunderbird, Suse Package Hub For Suse Linux Enterprise and 2 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
CVE-2015-1419 2 Opensuse, Vsftpd Project 2 Opensuse, Vsftpd 2025-04-12 N/A
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
CVE-2015-8842 1 Opensuse 1 Opensuse 2025-04-12 N/A
tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.
CVE-2015-2711 2 Mozilla, Opensuse 2 Firefox, Opensuse 2025-04-12 N/A
Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a URL, as demonstrated by a private path component.
CVE-2015-2713 4 Mozilla, Novell, Opensuse and 1 more 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-04-12 N/A
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
CVE-2014-9673 5 Canonical, Debian, Freetype and 2 more 11 Ubuntu Linux, Debian Linux, Freetype and 8 more 2025-04-12 N/A
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
CVE-2014-9488 2 Gnu, Opensuse 2 Less, Opensuse 2025-04-12 N/A
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
CVE-2014-9761 6 Canonical, Fedoraproject, Gnu and 3 more 10 Ubuntu Linux, Fedora, Glibc and 7 more 2025-04-12 N/A
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CVE-2015-2696 5 Canonical, Debian, Mit and 2 more 8 Ubuntu Linux, Debian Linux, Kerberos 5 and 5 more 2025-04-12 N/A
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.
CVE-2016-2313 2 Cacti, Opensuse 3 Cacti, Leap, Opensuse 2025-04-12 N/A
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.
CVE-2015-8863 3 Jq Project, Opensuse, Redhat 4 Jq, Leap, Opensuse and 1 more 2025-04-12 N/A
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.
CVE-2014-9496 5 Canonical, Debian, Libsndfile Project and 2 more 5 Ubuntu Linux, Debian Linux, Libsndfile and 2 more 2025-04-12 N/A
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
CVE-2015-2697 6 Canonical, Debian, Mit and 3 more 9 Ubuntu Linux, Debian Linux, Kerberos 5 and 6 more 2025-04-12 N/A
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.
CVE-2014-3004 3 Castor Project, Opensuse, Opensuse Project 3 Castor, Opensuse, Opensuse 2025-04-12 N/A
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.