Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10707 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2742 3 Apple, Mozilla, Oracle 3 Macos, Firefox, Solaris 2025-04-12 N/A
Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream.
CVE-2015-2743 4 Mozilla, Novell, Oracle and 1 more 7 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 4 more 2025-04-12 N/A
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.
CVE-2015-3144 4 Canonical, Debian, Haxx and 1 more 5 Ubuntu Linux, Debian Linux, Curl and 2 more 2025-04-12 N/A
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
CVE-2015-3145 8 Apple, Canonical, Debian and 5 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2025-04-12 N/A
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
CVE-2015-3219 4 Debian, Openstack, Oracle and 1 more 4 Debian Linux, Horizon, Solaris and 1 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
CVE-2015-4922 1 Oracle 1 Solaris 2025-04-12 N/A
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Boot.
CVE-2015-3329 4 Apple, Oracle, Php and 1 more 12 Mac Os X, Linux, Solaris and 9 more 2025-04-12 N/A
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
CVE-2015-3330 4 Apple, Oracle, Php and 1 more 12 Mac Os X, Linux, Solaris and 9 more 2025-04-12 N/A
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."
CVE-2015-3900 4 Oracle, Redhat, Ruby-lang and 1 more 5 Solaris, Enterprise Linux, Rhel Software Collections and 2 more 2025-04-12 N/A
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
CVE-2015-4020 2 Oracle, Rubygems 2 Solaris, Rubygems 2025-04-12 N/A
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.
CVE-2015-4024 5 Apple, Hp, Oracle and 2 more 13 Mac Os X, System Management Homepage, Linux and 10 more 2025-04-12 N/A
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
CVE-2015-4486 5 Canonical, Mozilla, Opensuse and 2 more 5 Ubuntu Linux, Firefox, Opensuse and 2 more 2025-04-12 N/A
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
CVE-2015-4487 5 Canonical, Mozilla, Opensuse and 2 more 6 Ubuntu Linux, Firefox, Firefox Os and 3 more 2025-04-12 N/A
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
CVE-2015-4488 5 Canonical, Mozilla, Opensuse and 2 more 6 Ubuntu Linux, Firefox, Firefox Os and 3 more 2025-04-12 N/A
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.
CVE-2015-4489 5 Canonical, Mozilla, Opensuse and 2 more 6 Ubuntu Linux, Firefox, Firefox Os and 3 more 2025-04-12 N/A
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.
CVE-2015-4490 4 Canonical, Mozilla, Opensuse and 1 more 4 Ubuntu Linux, Firefox, Opensuse and 1 more 2025-04-12 N/A
The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging unexpected policy-enforcement behavior.
CVE-2015-4491 9 Canonical, Fedoraproject, Gnome and 6 more 9 Ubuntu Linux, Fedora, Gdk-pixbuf and 6 more 2025-04-12 N/A
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
CVE-2015-4743 1 Oracle 1 E-business Suite 2025-04-12 N/A
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to AD Utilities.
CVE-2015-4744 1 Oracle 1 Fusion Middleware 2025-04-12 N/A
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via unknown vectors related to Java Server Faces.
CVE-2015-4745 1 Oracle 1 Fusion Middleware 2025-04-12 N/A
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, and CVE-2015-2606.