CVE-2015-0799
- EPSS 1.17%
- Veröffentlicht 08.04.2015 10:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2...
CVE-2015-1465
- EPSS 6.51%
- Veröffentlicht 05.04.2015 21:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (...
CVE-2015-2756
- EPSS 0.45%
- Veröffentlicht 01.04.2015 14:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O ...
CVE-2015-0812
- EPSS 1.26%
- Veröffentlicht 01.04.2015 10:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DN...
CVE-2015-0811
- EPSS 2.82%
- Veröffentlicht 01.04.2015 10:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation.
- EPSS 2.81%
- Veröffentlicht 01.04.2015 10:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of se...
CVE-2015-0806
- EPSS 3.62%
- Veröffentlicht 01.04.2015 10:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which al...
CVE-2015-0805
- EPSS 3.62%
- Veröffentlicht 01.04.2015 10:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execut...
CVE-2015-0804
- EPSS 3.7%
- Veröffentlicht 01.04.2015 10:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or c...
CVE-2015-0803
- EPSS 3.7%
- Veröffentlicht 01.04.2015 10:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary c...