Page 15 of 128 results (0.008 seconds)

CVSS: 6.8EPSS: 3%CPEs: 27EXPL: 0

CVE-2015-1283 – chromium-browser: Heap-buffer-overflow in expat.

https://notcve.org/view.php?id=CVE-2015-1283

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. Múltiples vulnerabilidades de desbordamiento de entero en la función XML_GetBuffer en Expat hasta la versión 2.1.0 implementada en Chrome en versiones anteriores a la 44.0.2403.89 y otros productos permite a atacantes remotos causar una denegación de servicio mediante un desbordamiento de buffer basado en memoria dinámica o, posiblemente tener otro impacto no especificado a través de datos XML manipulados, un tema relacionado con CVE-2015-2716. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0

CVE-2015-2738 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)

https://notcve.org/view.php?id=CVE-2015-2738

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. La función YCbCrImageDataDeserializer::ToDataSourceSurface en la implementación YCbCr en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 lee datos de localizaciones de memoria no inicializadas, lo que tiene un impacto y vectores de ataque no especificados. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.debian.org&#x • CWE-17: DEPRECATED: Code •

CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0

CVE-2015-2737 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)

https://notcve.org/view.php?id=CVE-2015-2737

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. La función rx::d3d11::SetBufferData en la implementación Direct3D 11 en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 lee datos de localizaciones de memoria no inicializada, lo que tiene un impacto y vectores de ataque no especificados. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.debian.org&#x • CWE-17: DEPRECATED: Code •

CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0

CVE-2015-2734 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)

https://notcve.org/view.php?id=CVE-2015-2734

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. La función CairoTextureClientD3D9::BorrowDrawTarget en la implementación Direct3D 9 en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 lee datos de localizaciones de memoria no inicializada, lo que tiene un impacto y vectores de ataque no especificados. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.debian.org&#x • CWE-17: DEPRECATED: Code •

CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2015-4680

https://notcve.org/view.php?id=CVE-2015-4680

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. FreeRADIUS 2.2.x en versiones anteriores a 2.2.8 y 3.0.x en versiones anteriores a 3.0.9 no comprueba adecuadamente la revocación de certificados CA intermedios. • http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html http://www.ocert.org/advisories/ocert-2015-008.html http://www.securityfocus.com/archive/1/535810/100/0/threaded http://www.securityfocus.com/bid/75327 http://www.securitytracker.com/id/1032690 https://bugzilla.redhat.com/show_bug.cgi?id=1234975 • CWE-295: Improper Certificate Validation •