Latest CVE Feed
-
6.4
MEDIUMCVE-2015-8579
Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vec... Read more
- EPSS Score: %0.21
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
6.4
MEDIUMCVE-2015-8578
AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.... Read more
Affected Products : internet_security- EPSS Score: %0.24
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2015-8577
The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows atta... Read more
Affected Products : virusscan_enterprise- EPSS Score: %0.02
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
7.1
HIGHCVE-2015-8461
Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.... Read more
Affected Products : bind- EPSS Score: %9.36
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.... Read more
- EPSS Score: %54.09
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-6425
The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.... Read more
Affected Products : unified_communications_manager- EPSS Score: %0.49
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-7223
The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.... Read more
- EPSS Score: %0.74
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-7222
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocati... Read more
- EPSS Score: %3.35
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-7221
Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.... Read more
- EPSS Score: %1.70
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-7220
Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.... Read more
- EPSS Score: %1.70
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-7219
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalcul... Read more
- EPSS Score: %1.26
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-7218
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation.... Read more
- EPSS Score: %1.26
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-7217
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.... Read more
- EPSS Score: %1.30
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-7216
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image... Read more
- EPSS Score: %0.89
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an excep... Read more
- EPSS Score: %0.44
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-7214
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.... Read more
- EPSS Score: %15.48
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-7213
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 v... Read more
- EPSS Score: %2.44
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-7212
Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a ... Read more
- EPSS Score: %2.31
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-7211
Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.... Read more
- EPSS Score: %0.68
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-7210
Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.... Read more
- EPSS Score: %1.77
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025