Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (4309 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-0830 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.
CVE-2016-3705 6 Canonical, Debian, Hp and 3 more 8 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 5 more 2025-04-12 N/A
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
CVE-2012-6648 2 Canonical, Gdm-guest-session Project 2 Ubuntu Linux, Gdm-guest-session 2025-04-12 N/A
gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue.
CVE-2015-0829 4 Canonical, Mozilla, Opensuse and 1 more 4 Ubuntu Linux, Firefox, Opensuse and 1 more 2025-04-12 N/A
Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.
CVE-2015-0826 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation.
CVE-2015-0825 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback.
CVE-2015-0824 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.
CVE-2016-8655 3 Canonical, Linux, Redhat 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more 2025-04-12 7.8 High
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
CVE-2016-9013 3 Canonical, Djangoproject, Fedoraproject 3 Ubuntu Linux, Django, Fedora 2025-04-12 N/A
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.
CVE-2016-3951 4 Canonical, Linux, Novell and 1 more 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 7 more 2025-04-12 N/A
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
CVE-2015-0823 4 Canonical, Mozilla, Opensuse and 1 more 4 Ubuntu Linux, Firefox, Opensuse and 1 more 2025-04-12 N/A
Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function.
CVE-2015-0821 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.
CVE-2016-7795 3 Canonical, Redhat, Systemd Project 4 Ubuntu Linux, Enterprise Linux, Rhel Eus and 1 more 2025-04-12 N/A
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.
CVE-2016-3982 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Leap and 2 more 2025-04-12 N/A
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
CVE-2015-0820 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site.
CVE-2015-0819 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site.
CVE-2016-7913 3 Canonical, Linux, Redhat 6 Ubuntu Linux, Linux Kernel, Enterprise Linux and 3 more 2025-04-12 7.8 High
The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.
CVE-2016-4052 3 Canonical, Redhat, Squid-cache 3 Ubuntu Linux, Enterprise Linux, Squid 2025-04-12 N/A
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-9014 3 Canonical, Djangoproject, Fedoraproject 3 Ubuntu Linux, Django, Fedora 2025-04-12 N/A
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
CVE-2015-0812 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain.