CVE-2015-0825
- EPSS 1.54%
- Veröffentlicht 25.02.2015 11:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memor...
- EPSS 3.66%
- Veröffentlicht 25.02.2015 11:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of Draw...
CVE-2015-0823
- EPSS 3.89%
- Veröffentlicht 25.02.2015 11:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect...
CVE-2015-0821
- EPSS 2.27%
- Veröffentlicht 25.02.2015 11:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.
CVE-2015-0820
- EPSS 1.73%
- Veröffentlicht 25.02.2015 11:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript s...
CVE-2015-0819
- EPSS 2.08%
- Veröffentlicht 25.02.2015 11:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site.
CVE-2015-1572
- EPSS 0.6%
- Veröffentlicht 24.02.2015 15:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an...
CVE-2014-9402
- EPSS 7.83%
- Veröffentlicht 24.02.2015 15:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive ...
- EPSS 5.81%
- Veröffentlicht 24.02.2015 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigge...
- EPSS 87.64%
- Veröffentlicht 24.02.2015 01:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execu...