Total
13622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4504 | 1 Mozilla | 1 Firefox | 2026-06-17 | 6.4 MEDIUM | N/A |
| The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image. | |||||
| CVE-2015-4501 | 1 Mozilla | 1 Firefox | 2026-06-17 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-4500 | 1 Mozilla | 1 Firefox | 2026-06-17 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-4493 | 4 Canonical, Mozilla, Opensuse and 1 more | 4 Ubuntu Linux, Firefox, Opensuse and 1 more | 2026-06-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539. | |||||
| CVE-2015-4489 | 4 Canonical, Mozilla, Opensuse and 1 more | 5 Ubuntu Linux, Firefox, Firefox Os and 2 more | 2026-06-17 | 7.5 HIGH | N/A |
| The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment. | |||||
| CVE-2015-4487 | 4 Canonical, Mozilla, Opensuse and 1 more | 5 Ubuntu Linux, Firefox, Firefox Os and 2 more | 2026-06-17 | 7.5 HIGH | N/A |
| The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." | |||||
| CVE-2015-4486 | 4 Canonical, Mozilla, Opensuse and 1 more | 4 Ubuntu Linux, Firefox, Opensuse and 1 more | 2026-06-17 | 10.0 HIGH | N/A |
| The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data. | |||||
| CVE-2015-4485 | 4 Canonical, Mozilla, Opensuse and 1 more | 4 Ubuntu Linux, Firefox, Opensuse and 1 more | 2026-06-17 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. | |||||
| CVE-2015-4484 | 4 Canonical, Mozilla, Opensuse and 1 more | 4 Ubuntu Linux, Firefox, Opensuse and 1 more | 2026-06-17 | 5.0 MEDIUM | N/A |
| The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object. | |||||
| CVE-2015-4482 | 3 Mozilla, Opensuse, Oracle | 3 Firefox, Opensuse, Solaris | 2026-06-17 | 4.6 MEDIUM | N/A |
| mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file. | |||||
| CVE-2015-4475 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2026-06-17 | 7.5 HIGH | N/A |
| The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. | |||||
| CVE-2015-4473 | 4 Canonical, Debian, Mozilla and 1 more | 4 Ubuntu Linux, Debian Linux, Firefox and 1 more | 2026-06-17 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-4469 | 1 Libmspack Project | 1 Libmspack | 2026-06-17 | 4.3 MEDIUM | N/A |
| The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file. | |||||
| CVE-2015-4432 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2026-06-17 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3135 and CVE-2015-5118. | |||||
| CVE-2015-4431 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2026-06-17 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, and CVE-2015-3134. | |||||
| CVE-2015-4422 | 1 Huawei | 2 Mate 7, Mate 7 Firmware | 2026-06-17 | 7.6 HIGH | 7.0 HIGH |
| The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application. | |||||
| CVE-2015-4421 | 1 Huawei | 2 Mate 7, Mate 7 Firmware | 2026-06-17 | 7.6 HIGH | 7.5 HIGH |
| The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified input. | |||||
| CVE-2015-4409 | 1 Hikvision | 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more | 2026-06-17 | 6.8 MEDIUM | 6.5 MEDIUM |
| Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue. | |||||
| CVE-2015-4408 | 1 Hikvision | 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more | 2026-06-17 | 6.8 MEDIUM | 6.5 MEDIUM |
| Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue. | |||||
| CVE-2015-4407 | 1 Hikvision | 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more | 2026-06-17 | 6.8 MEDIUM | 6.5 MEDIUM |
| Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue. | |||||
