Lucene search

K

14 matches found

CVE
CVE
added 2015/05/14 10:59 a.m.377 views

CVE-2015-2716

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

7.5CVSS8.6AI score0.05699EPSS
CVE
CVE
added 2015/05/12 7:59 p.m.109 views

CVE-2015-3451

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

5CVSS6.4AI score0.03365EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.99 views

CVE-2015-2708

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5CVSS9.8AI score0.01346EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.96 views

CVE-2015-2713

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunct...

6.8CVSS9.4AI score0.01774EPSS
CVE
CVE
added 2015/05/12 7:59 p.m.93 views

CVE-2015-3622

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

4.3CVSS6.7AI score0.06062EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.84 views

CVE-2015-2710

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.

6.8CVSS9.6AI score0.02581EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.77 views

CVE-2015-2717

Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata.

6.8CVSS9.6AI score0.01713EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.74 views

CVE-2015-2715

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutd...

6.8CVSS9.4AI score0.0135EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.72 views

CVE-2015-2712

The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger ou...

7.5CVSS9.3AI score0.04324EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.67 views

CVE-2015-2718

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data.

4.3CVSS8.7AI score0.00352EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.65 views

CVE-2015-2711

Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a URL,...

4.3CVSS8.8AI score0.00512EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.63 views

CVE-2015-2709

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5CVSS9.7AI score0.00874EPSS
CVE
CVE
added 2015/05/18 3:59 p.m.60 views

CVE-2015-3629

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

7.8CVSS7.2AI score0.00053EPSS
CVE
CVE
added 2015/05/01 3:59 p.m.38 views

CVE-2014-3598

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

5CVSS6.5AI score0.00403EPSS