Max CVSS 10.0 Min CVSS 4.0 Total Count37
IDCVSSSummaryLast (major) updatePublished
CVE-2015-6673 7.5
Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.
20-09-2017 - 14:29 20-09-2017 - 14:29
CVE-2015-0287 5.0
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial o
02-01-2017 - 21:59 19-03-2015 - 18:59
CVE-2015-0251 4.0
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.
02-01-2017 - 21:59 08-04-2015 - 14:59
CVE-2015-0248 5.0
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evalu
02-01-2017 - 21:59 08-04-2015 - 14:59
CVE-2014-8108 5.0
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a
02-01-2017 - 21:59 18-12-2014 - 10:59
CVE-2015-1792 5.0
The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL valu
30-12-2016 - 21:59 12-06-2015 - 15:59
CVE-2015-1791 6.8
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial
30-12-2016 - 21:59 12-06-2015 - 15:59
CVE-2015-1790 5.0
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)
30-12-2016 - 21:59 12-06-2015 - 15:59
CVE-2015-1789 4.3
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a cr
30-12-2016 - 21:59 12-06-2015 - 15:59
CVE-2015-1788 4.3
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial
30-12-2016 - 21:59 12-06-2015 - 15:59
CVE-2015-1793 6.4
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers t
27-12-2016 - 21:59 09-07-2015 - 15:17
CVE-2015-5165 5.0
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
23-12-2016 - 21:59 12-08-2015 - 10:59
CVE-2015-5154 7.2
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
23-12-2016 - 21:59 12-08-2015 - 10:59
CVE-2015-4493 9.3
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds c
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4492 7.5
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4491 6.8
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers t
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4490 4.3
The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matchi
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4489 7.5
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a se
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4488 7.5
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4487 7.5
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4486 10.0
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4485 10.0
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4484 5.0
The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of sha
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4480 9.3
Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4479 10.0
Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4478 5.0
Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse m
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4477 10.0
Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4475 7.5
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4474 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-4473 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-3187 4.0
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node tha
23-12-2016 - 21:59 12-08-2015 - 10:59
CVE-2015-3184 5.0
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.
23-12-2016 - 21:59 12-08-2015 - 10:59
CVE-2015-0202 7.8
The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.
23-12-2016 - 21:59 08-04-2015 - 14:59
CVE-2014-3580 5.0
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does n
23-12-2016 - 21:59 18-12-2014 - 10:59
CVE-2015-1830 5.0
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
21-12-2016 - 21:59 19-08-2015 - 11:59
CVE-2015-6496 5.0
conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.
07-12-2016 - 22:12 24-08-2015 - 10:59
CVE-2015-5949 6.8
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.
05-12-2016 - 22:03 25-08-2015 - 13:59
Back to Top Mark selected
Back to Top