Vulnerabilities (CVE)

Filtered by CWE-119
Total 13622 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-4504 1 Mozilla 1 Firefox 2026-06-17 6.4 MEDIUM N/A
The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image.
CVE-2015-4501 1 Mozilla 1 Firefox 2026-06-17 7.5 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-4500 1 Mozilla 1 Firefox 2026-06-17 7.5 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-4493 4 Canonical, Mozilla, Opensuse and 1 more 4 Ubuntu Linux, Firefox, Opensuse and 1 more 2026-06-17 9.3 HIGH N/A
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.
CVE-2015-4489 4 Canonical, Mozilla, Opensuse and 1 more 5 Ubuntu Linux, Firefox, Firefox Os and 2 more 2026-06-17 7.5 HIGH N/A
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.
CVE-2015-4487 4 Canonical, Mozilla, Opensuse and 1 more 5 Ubuntu Linux, Firefox, Firefox Os and 2 more 2026-06-17 7.5 HIGH N/A
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
CVE-2015-4486 4 Canonical, Mozilla, Opensuse and 1 more 4 Ubuntu Linux, Firefox, Opensuse and 1 more 2026-06-17 10.0 HIGH N/A
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
CVE-2015-4485 4 Canonical, Mozilla, Opensuse and 1 more 4 Ubuntu Linux, Firefox, Opensuse and 1 more 2026-06-17 10.0 HIGH N/A
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.
CVE-2015-4484 4 Canonical, Mozilla, Opensuse and 1 more 4 Ubuntu Linux, Firefox, Opensuse and 1 more 2026-06-17 5.0 MEDIUM N/A
The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object.
CVE-2015-4482 3 Mozilla, Opensuse, Oracle 3 Firefox, Opensuse, Solaris 2026-06-17 4.6 MEDIUM N/A
mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file.
CVE-2015-4475 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2026-06-17 7.5 HIGH N/A
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.
CVE-2015-4473 4 Canonical, Debian, Mozilla and 1 more 4 Ubuntu Linux, Debian Linux, Firefox and 1 more 2026-06-17 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-4469 1 Libmspack Project 1 Libmspack 2026-06-17 4.3 MEDIUM N/A
The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
CVE-2015-4432 4 Adobe, Apple, Linux and 1 more 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more 2026-06-17 10.0 HIGH N/A
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3135 and CVE-2015-5118.
CVE-2015-4431 4 Adobe, Apple, Linux and 1 more 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more 2026-06-17 10.0 HIGH N/A
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, and CVE-2015-3134.
CVE-2015-4422 1 Huawei 2 Mate 7, Mate 7 Firmware 2026-06-17 7.6 HIGH 7.0 HIGH
The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application.
CVE-2015-4421 1 Huawei 2 Mate 7, Mate 7 Firmware 2026-06-17 7.6 HIGH 7.5 HIGH
The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified input.
CVE-2015-4409 1 Hikvision 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more 2026-06-17 6.8 MEDIUM 6.5 MEDIUM
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue.
CVE-2015-4408 1 Hikvision 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more 2026-06-17 6.8 MEDIUM 6.5 MEDIUM
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue.
CVE-2015-4407 1 Hikvision 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more 2026-06-17 6.8 MEDIUM 6.5 MEDIUM
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue.