VIR Vulnerability Intelligence Relay

Search

Found 297 results in 62ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2015-0786 critical 9.8 9.8 novell 9y ago Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecif…
CVE-2015-0785 high 7.5 7.5 novell 9y ago com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.
CVE-2015-0784 high 7.5 7.5 novell 9y ago Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.
CVE-2015-0783 medium 6.5 6.5 novell 9y ago The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.
CVE-2015-0782 critical 9.8 9.8 novell 9y ago SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecifi…
CVE-2015-0781 critical 9.8 9.8 novell 9y ago Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecif…
CVE-2015-0780 critical 9.8 9.8 novell 9y ago SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via…
CVE-2017-8932 medium 5.9 5.9 suse susefedora fedora golangnovell 9y ago Incorrect computation for P-256 curves in crypto/elliptic
CVE-2016-9961 critical 9.8 9.8 FIX slesdebian debianfedora fedora game-music-emu_projectnovell 9y ago game-music-emu before 0.6.1 mishandles unspecified integer values.
CVE-2016-9960 medium 5.5 5.5 FIX slesdebian debianfedora fedora game-music-emu_projectnovell 9y ago game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVE-2017-7432 critical 9.8 9.8 novellnetiq 9y ago Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.
CVE-2017-7431 high 8.8 8.8 novellnetiq 9y ago Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
CVE-2017-7430 medium 6.1 6.1 novellnetiq 9y ago Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.
CVE-2017-5186 high 7.5 7.5 netiqnovell 9y ago Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the de…
CVE-2016-5762 critical 9.8 9.8 novell 9y ago Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password,…
CVE-2016-5761 medium 6.1 6.1 novell 9y ago Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
CVE-2016-5760 medium 6.1 6.1 novell 9y ago Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or…
CVE-2016-9169 medium 6.1 6.1 novell 9y ago A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScr…
CVE-2016-9168 medium 6.5 6.5 novell 9y ago A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking.
CVE-2016-9167 high 7.5 7.5 novell 9y ago NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would…
CVE-2016-5747 high 7.5 7.5 novell 9y ago A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging pre…
CVE-2016-1603 medium 6.5 6.5 novell 9y ago An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.
CVE-2010-4314 high 8.8 8.8 windows windows novell 9y ago Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter.
CVE-2017-5182 high 7.5 7.5 novell 10y ago Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total info…
CVE-2016-5763 critical 9.1 9.1 novell 10y ago Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update…
CVE-2016-1598 medium 5.4 5.4 novell 10y ago XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.
CVE-2016-7796 medium 5.5 5.5 FIX slessuse suse rhel systemd_projectnovell 10y ago The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be r…
CVE-2016-4303 critical 9.8 9.8 FIX debian debiansuse suse esnovell 10y ago The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex charac…
CVE-2015-8924 medium 5.5 5.5 FIX slesdebian debianubuntu ubuntu libarchivenovell 10y ago The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafte…
CVE-2015-8923 medium 6.5 6.5 FIX slesdebian debianubuntu ubuntu libarchivenovell 10y ago The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
CVE-2015-8922 medium 5.5 5.5 FIX slesdebian debianubuntu ubuntu libarchivenovell 10y ago The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7…
CVE-2015-8921 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu novelllibarchive 10y ago The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CVE-2015-8920 medium 5.5 5.5 FIX slesdebian debianubuntu ubuntu novelllibarchive 10y ago The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
CVE-2015-8919 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu libarchivenovell 10y ago The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) …
CVE-2015-8918 high 7.5 7.5 FIX slesdebian debiansuse suse novelllibarchive 10y ago The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
CVE-2016-1611 high 7.8 8.8 EXP novell 10y ago Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's conten…
CVE-2016-1610 high 7.5 8.5 EXP novell 10y ago Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrict…
CVE-2016-1609 medium 5.4 6.4 EXP novell 10y ago Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTM…
CVE-2016-1608 high 8.8 9.8 EXP novell 10y ago vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer pa…
CVE-2016-1607 high 7.2 8.2 EXP novell 10y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administr…
CVE-2016-4997 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel novell 10y ago The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of …
CVE-2016-1704 high 8.8 8.8 sles rhelsuse suse googlenovell 10y ago Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-1583 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel novell 10y ago The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vecto…
CVE-2016-2834 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu mozillanovell 10y ago Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly…
CVE-2016-2818 high 8.8 8.8 FIX slesdebian debian rhel mozillanovell 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and a…
CVE-2016-2815 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu mozillanovell 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2016-0376 high 8.1 8.1 slessuse suse rhel novellibmredhat 10y ago The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40…
CVE-2016-0363 high 8.1 8.1 slessuse suse rhel redhatnovellibm 10y ago The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.…
CVE-2016-4913 high 7.8 7.8 FIX slesdebian debianubuntu ubuntu novell 10y ago The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensit…
CVE-2016-4805 high 7.8 7.8 FIX slesdebian debian rhel novell 10y ago Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or pos…
CVE-2016-4569 medium 5.5 5.5 FIX slessuse susedebian debian novell 10y ago The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from ke…
CVE-2016-4486 low 3.3 4.3 EXPFIX slesdebian debianubuntu ubuntu novell 10y ago The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from …
CVE-2016-4485 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu novell 10y ago The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack m…
CVE-2016-4482 medium 6.2 6.2 FIX slesubuntu ubuntususe suse novell 10y ago The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from k…
CVE-2016-3951 medium 4.6 4.6 FIX slesdebian debiansuse suse novellsuse 10y ago Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified ot…
CVE-2016-3689 medium 4.6 4.6 FIX slesdebian debiansuse suse novell 10y ago The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device…
CVE-2016-3140 medium 4.6 5.6 EXPFIX slesdebian debiansuse suse novell 10y ago The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s…
CVE-2016-3138 medium 4.6 4.6 FIX slesdebian debiansuse suse novell 10y ago The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) v…
CVE-2016-3137 medium 4.6 4.6 FIX debian debiansuse suseubuntu ubuntu novell 10y ago drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device withou…
CVE-2016-3136 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s…
CVE-2016-2188 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system c…
CVE-2016-2187 medium 4.6 4.6 FIX slesdebian debiansuse suse novell 10y ago The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash)…
CVE-2016-2186 medium 4.6 4.6 FIX debian debiansuse suseubuntu ubuntu novell 10y ago The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system…
CVE-2016-2185 medium 4.6 4.6 FIX debian debiansuse suseubuntu ubuntu novell 10y ago The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and sy…
CVE-2016-3672 high 7.8 8.8 EXPFIX slesdebian debiansuse suse novell 10y ago The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the int…
CVE-2016-3156 medium 5.5 5.5 FIX slesdebian debiansuse suse novell 10y ago The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging fo…
CVE-2016-3139 medium 4.6 5.6 EXPFIX slesdebian debiansuse suse novell 10y ago The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system cr…
CVE-2016-3134 high 8.4 9.4 EXPFIX slesdebian debiansuse suse novell 10y ago The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) vi…
CVE-2016-2847 medium 6.2 6.2 FIX slesdebian debiansuse suse novell 10y ago fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-…
CVE-2016-2184 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL poin…
CVE-2015-8816 medium 6.8 6.8 FIX slesdebian debiansuse suse novell 10y ago The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a …
CVE-2016-1596 medium 5.4 6.4 EXP novell 10y ago Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, …
CVE-2016-1595 medium 6.5 7.5 EXP novell 10y ago LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection att…
CVE-2016-1594 medium 6.5 7.5 EXP novell 10y ago Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via …
CVE-2016-1593 high 7.2 8.2 EXP novell 10y ago Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a …
CVE-2016-1658 medium 4.3 4.3 debian debiansuse suse novellgoogle 10y ago The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and o…
CVE-2016-1657 medium 4.3 4.3 debian debiansuse suse novellgoogle 10y ago The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which…
CVE-2015-5968 medium 6.1 6.1 novell 10y ago Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-1957 medium 4.3 4.3 FIX debian debiansuse suse novellmozilla 10y ago Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that trigger…
CVE-2016-1956 medium 6.5 6.5 FIX slesdebian debiansuse suse mozillanovell 10y ago Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a W…
CVE-2016-1955 medium 4.3 4.3 FIX slesdebian debiansuse suse novellmozilla 10y ago Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path in…
CVE-2016-1954 high 8.8 8.8 FIX debian debiansuse suse mozillanovell 10y ago The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Sec…
CVE-2016-1953 high 8.8 8.8 FIX debian debiansuse suse mozillanovell 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2016-1952 high 8.8 8.8 FIX debian debiansuse suse novellmozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and a…
CVE-2016-1629 critical 9.8 9.8 debian debiansuse suse googlenovell 10y ago Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.
CVE-2015-5970 medium 5.3 5.3 novell 10y ago The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malforme…
CVE-2015-7566 medium 4.6 5.6 EXPFIX slesdebian debiansuse suse novell 11y ago The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system cras…
CVE-2014-0611 medium 4.3 novell 11y ago Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or…
CVE-2015-2743 high 7.5 suse suse mozillanovell 11y ago PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary …
CVE-2015-2740 critical 10.0 ubuntu ubuntudebian debiansuse suse mozillanovell 11y ago Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remot…
CVE-2015-2739 critical 10.0 ubuntu ubuntudebian debiansuse suse mozillanovell 11y ago The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has …
CVE-2015-2736 critical 9.3 ubuntu ubuntudebian debiansuse suse mozillanovell 11y ago The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which all…
CVE-2015-2735 critical 9.3 ubuntu ubuntudebian debiansuse suse mozillanovell 11y ago nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to …
CVE-2015-2730 medium 4.3 FIX debian debiansuse suse novellmozilla 11y ago Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Ellipti…
CVE-2015-2726 critical 10.0 suse suse mozillanovell 11y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2015-2725 critical 10.0 suse suse novellmozilla 11y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of servic…
CVE-2015-2724 critical 10.0 ubuntu ubuntudebian debiansuse suse mozillanovell 11y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cau…
CVE-2015-2722 critical 10.0 suse suse mozillanovell 11y ago Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbit…
CVE-2015-2721 medium 4.3 FIX debian debianubuntu ubuntususe suse novellmozilla 11y ago Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not p…
CVE-2015-0779 critical 10.0 EXP novell 11y ago Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory …