Vulnerabilities (CVE)

Filtered by CWE-17
Total 165 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1943 3 Google, Mozilla, Opensuse 4 Android, Firefox, Leap and 1 more 2025-04-12 4.3 MEDIUM 4.7 MEDIUM
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
CVE-2015-2743 3 Mozilla, Novell, Oracle 6 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 3 more 2025-04-12 7.5 HIGH N/A
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.
CVE-2014-3637 2 Freedesktop, Opensuse 2 Dbus, Opensuse 2025-04-12 2.1 LOW N/A
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
CVE-2014-7931 1 Google 1 Chrome 2025-04-12 7.5 HIGH N/A
factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of backing-store pointers.
CVE-2015-1233 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2025-04-12 7.5 HIGH N/A
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-6386 1 Juniper 1 Junos 2025-04-12 7.8 HIGH N/A
Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before 13.2R1 allows remote attackers to cause a denial of service (assertion failure and rpd restart) via a crafted BGP FlowSpec prefix.
CVE-2014-9707 1 Embedthis 1 Goahead 2025-04-12 7.5 HIGH N/A
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.
CVE-2014-9426 1 Php 1 Php 2025-04-12 7.5 HIGH 7.3 HIGH
The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable
CVE-2015-5605 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-12 5.0 MEDIUM N/A
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message.
CVE-2015-5748 1 Apple 3 Iphone Os, Mac Os X, Safari 2025-04-12 2.1 LOW N/A
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
CVE-2015-2922 5 Debian, Fedoraproject, Linux and 2 more 6 Debian Linux, Fedora, Linux Kernel and 3 more 2025-04-12 3.3 LOW N/A
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
CVE-2015-5229 1 Redhat 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
CVE-2015-8082 1 Login Disable Project 1 Login Disable 2025-04-12 7.5 HIGH N/A
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL Login modules.
CVE-2015-0275 2 Linux, Oracle 2 Linux Kernel, Linux 2025-04-12 4.9 MEDIUM N/A
The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.
CVE-2013-6497 1 Clamav 1 Clamav 2025-04-12 2.1 LOW N/A
clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.
CVE-2014-5277 1 Docker 2 Docker, Docker-py 2025-04-12 5.0 MEDIUM N/A
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
CVE-2016-1940 2 Google, Mozilla 2 Android, Firefox 2025-04-12 5.0 MEDIUM 5.3 MEDIUM
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
CVE-2015-2737 5 Canonical, Debian, Mozilla and 2 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2025-04-12 10.0 HIGH N/A
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
CVE-2015-2042 1 Linux 1 Linux Kernel 2025-04-12 4.6 MEDIUM N/A
net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
CVE-2015-7833 2 Novell, Redhat 2 Suse Linux Enterprise Real Time Extension, Enterprise Linux 2025-04-12 4.9 MEDIUM N/A
The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.