CVSS: 8.8EPSS: 1%CPEs: 22EXPL: 0CVE-2016-1952 – Mozilla: Miscellaneous memory safety hazards (rv:38.7) (MFSA 2016-16)
https://notcve.org/view.php?id=CVE-2016-1952
09 Mar 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el navegador en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos causar una denegación de servicio (corrupción de la... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 0CVE-2016-1953 – Ubuntu Security Notice USN-2917-2
https://notcve.org/view.php?id=CVE-2016-1953
09 Mar 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. Múltiples vulnerabilidades no especificadas en el navegador en Mozilla Firefox en versiones anteriores a 45.0 permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria o caída de ... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 22EXPL: 0CVE-2016-1954 – Mozilla: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)
https://notcve.org/view.php?id=CVE-2016-1954
09 Mar 2016 — The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. La función nsCSPContext::SendReports en dom/security/nsCSPContext.cpp en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 3... • http://hg.mozilla.org/releases/mozilla-release/rev/5154bb929236 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1955 – Ubuntu Security Notice USN-2917-2
https://notcve.org/view.php?id=CVE-2016-1955
09 Mar 2016 — Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. Mozilla Firefoz en versiones anteriores a 45.0 permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible leyendo un informe de violación de Content Security Policy (CSP) que contiene información de ruta asociada con un elemento IFRAME. Fr... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1956 – Ubuntu Security Notice USN-2917-2
https://notcve.org/view.php?id=CVE-2016-1956
09 Mar 2016 — Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. Mozilla Firefox en versiones anteriores a 45.0 en Linux, cuando se utiliza un controlador de video Intel, permite a atacantes remotos causar una denegación de servicio (consumo de la memoria o corrupción de la memoria de pila) desencadenando el uso de un sombreador WebGL." Francis Gabriel discovered... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html • CWE-399: Resource Management Errors •
CVSS: 5.1EPSS: 0%CPEs: 22EXPL: 0CVE-2016-1957 – Mozilla: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20)
https://notcve.org/view.php?id=CVE-2016-1957
09 Mar 2016 — Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. Fuga de memoria en libstagefright en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un archivo MPEG-4 que desencadena una operación de... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1629 – chromium-browser: same-origin bypass in Blink and Sandbox escape in Chrome
https://notcve.org/view.php?id=CVE-2016-1629
21 Feb 2016 — Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. Google Chrome en versiones anteriores a 48.0.2564.116 permite a atacantes remotos eludir la Blink Same Origin Policy y el mecanismo de protección sandbox a través de vectores no especificados. Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious conte... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_18.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 4%CPEs: 108EXPL: 0CVE-2015-7976 – Ubuntu Security Notice USN-3096-1
https://notcve.org/view.php?id=CVE-2015-7976
27 Jan 2016 — The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. El comando savconfig ntpq en NTP 4.1.2, 4.2.x en versiones anteriores a 4.2.8p6, 4.3, 4.3.25, 4.3.70 y 4.3.77 no filtra adecuadamente caracteres especiales, lo que permite a atacantes causar un impacto no especificado a través de un nombre de archivo manipulado. Aanchal Malhotra discovered that ... • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html • CWE-254: 7PK - Security Features •