- EPSS 5.87%
- Veröffentlicht 06.07.2015 02:00:55
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and appli...
- EPSS 6.18%
- Veröffentlicht 06.07.2015 02:00:54
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XM...
CVE-2015-2721
- EPSS 3.28%
- Veröffentlicht 06.07.2015 02:00:49
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS sta...
- EPSS 8.93%
- Veröffentlicht 24.06.2015 14:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, a...
- EPSS 50.13%
- Veröffentlicht 09.06.2015 18:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form ...
CVE-2015-3330
- EPSS 14.08%
- Veröffentlicht 09.06.2015 18:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or p...
CVE-2015-3329
- EPSS 38.43%
- Veröffentlicht 09.06.2015 18:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) ph...
CVE-2015-3200
- EPSS 9.98%
- Veröffentlicht 09.06.2015 14:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
CVE-2015-2922
- EPSS 3.05%
- Veröffentlicht 27.05.2015 10:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value ...
- EPSS 2.95%
- Veröffentlicht 26.05.2015 15:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error ...