CVE-2015-0239
- EPSS 0.64%
- Veröffentlicht 02.03.2015 11:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering u...
CVE-2014-9644
- EPSS 0.55%
- Veröffentlicht 02.03.2015 11:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) ...
- EPSS 5.49%
- Veröffentlicht 02.03.2015 11:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass in...
CVE-2013-7421
- EPSS 0.72%
- Veröffentlicht 02.03.2015 11:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.
CVE-2015-0834
- EPSS 1.26%
- Veröffentlicht 25.02.2015 11:59:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and compl...
- EPSS 1.05%
- Veröffentlicht 25.02.2015 11:59:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL wi...
CVE-2015-0831
- EPSS 4.16%
- Veröffentlicht 25.02.2015 11:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a d...
CVE-2015-0829
- EPSS 6.03%
- Veröffentlicht 25.02.2015 11:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.
- EPSS 2.01%
- Veröffentlicht 25.02.2015 11:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebG...
CVE-2015-0826
- EPSS 3.38%
- Veröffentlicht 25.02.2015 11:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token se...