Latest CVE Feed
-
10.0
HIGHCVE-2015-2738
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which h... Read more
- EPSS Score: %0.94
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-2737
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified im... Read more
- EPSS Score: %0.94
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
9.3
HIGHCVE-2015-2736
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a... Read more
- EPSS Score: %2.72
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
9.3
HIGHCVE-2015-2735
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.... Read more
- EPSS Score: %2.72
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-2734
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has... Read more
- EPSS Score: %0.94
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-2733
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttp... Read more
Affected Products : firefox firefox_esr solaris suse_linux_enterprise_desktop suse_linux_enterprise_server- EPSS Score: %2.69
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-2731
Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging c... Read more
- EPSS Score: %3.05
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-2730
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which make... Read more
- EPSS Score: %0.34
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-2729
The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensiti... Read more
- EPSS Score: %0.44
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-2728
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arb... Read more
Affected Products : firefox firefox_esr solaris suse_linux_enterprise_desktop suse_linux_enterprise_server- EPSS Score: %3.28
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-2727
Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: ... Read more
- EPSS Score: %2.11
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-2726
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.... Read more
- EPSS Score: %1.53
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-2725
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ... Read more
- EPSS Score: %1.98
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-2724
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and applicatio... Read more
- EPSS Score: %1.74
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-2722
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttp... Read more
- EPSS Score: %2.29
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-2721
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state ma... Read more
- EPSS Score: %0.52
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2015-4129
SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.... Read more
Affected Products : subrion_cms- EPSS Score: %0.87
- Published: Jul. 05, 2015
- Modified: Apr. 12, 2025
-
9.3
HIGHCVE-2015-0544
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.... Read more
Affected Products : secure_remote_services- EPSS Score: %0.61
- Published: Jul. 05, 2015
- Modified: Apr. 12, 2025
-
5.8
MEDIUMCVE-2015-0543
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more
Affected Products : secure_remote_services- EPSS Score: %0.13
- Published: Jul. 05, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-4453
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpi... Read more
Affected Products : openemr- EPSS Score: %40.87
- Published: Jul. 05, 2015
- Modified: Apr. 12, 2025