CVE-2015-4475
- EPSS 4.77%
- Veröffentlicht 16.08.2015 01:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of...
- EPSS 6.44%
- Veröffentlicht 16.08.2015 01:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- EPSS 6.96%
- Veröffentlicht 16.08.2015 01:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...
- EPSS 6.34%
- Veröffentlicht 14.08.2015 18:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
- EPSS 3.18%
- Veröffentlicht 12.08.2015 14:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.
CVE-2015-5523
- EPSS 3.84%
- Veröffentlicht 11.08.2015 14:59:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
CVE-2015-5522
- EPSS 4.66%
- Veröffentlicht 11.08.2015 14:59:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
CVE-2015-4495
- EPSS 70.23%
- Veröffentlicht 08.08.2015 00:59:04
- Zuletzt bearbeitet 22.04.2026 10:36:16
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript...
CVE-2015-3636
- EPSS 2.47%
- Veröffentlicht 06.08.2015 01:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and sy...
CVE-2015-4167
- EPSS 0.43%
- Veröffentlicht 05.08.2015 18:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted...