CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 2CVE-2015-7566 – Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor clie_5_attach Nullpointer Dereference
https://notcve.org/view.php?id=CVE-2015-7566
19 Jan 2016 — The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. La función clie_5_attach en drivers/usb/serial/visor.c en el kernel de Linux hasta la versión 4.4.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caíd... • https://packetstorm.news/files/id/136141 •
CVSS: 4.4EPSS: 0%CPEs: 43EXPL: 0CVE-2015-8552 – Ubuntu Security Notice USN-2846-1
https://notcve.org/view.php?id=CVE-2015-8552
20 Dec 2015 — The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks." El controlador backend PCI en Xen, cuando se ejecuta en un sistema x86 y utiliza Lin... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 30EXPL: 1CVE-2015-2721 – NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71)
https://notcve.org/view.php?id=CVE-2015-2721
06 Jul 2015 — Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. Mozilla Network... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2015-2726 – Ubuntu Security Notice USN-2656-2
https://notcve.org/view.php?id=CVE-2015-2726
06 Jul 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 39.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vect... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2015-2730 – NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
https://notcve.org/view.php?id=CVE-2015-2730
06 Jul 2015 — Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. Mozilla Network Security Services (NSS) anterior a 3.19.1, utilizado en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y otros pro... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 10.0EPSS: 2%CPEs: 21EXPL: 0CVE-2015-2722 – Mozilla: Use-after-free in workers while using XMLHttpRequest (MFSA 2015-65)
https://notcve.org/view.php?id=CVE-2015-2722
03 Jul 2015 — Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker. Vulnerabilidad de uso después de liberación en la función CanonicalizeXPCOMParticipant en Mozilla Firefox anterior a 39.0 y Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1 permite a atacantes remotos ejecutar códig... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 28EXPL: 0CVE-2015-2724 – Mozilla: Miscellaneous memory safety hazards (rv:31.8 / rv:38.1) (MFSA 2015-59)
https://notcve.org/view.php?id=CVE-2015-2724
03 Jul 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 22EXPL: 0CVE-2015-2725 – Mozilla: Miscellaneous memory safety hazards (rv:31.8 / rv:38.1) (MFSA 2015-59)
https://notcve.org/view.php?id=CVE-2015-2725
03 Jul 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 39.0, Firefox ESR 38.x anterior a 38.1, y Thunderbird anterior a 38.1 permiten a atacantes remotos causar una den... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 20EXPL: 0CVE-2015-2728 – Mozilla: Type confusion in Indexed Database Manager (MFSA 2015-61)
https://notcve.org/view.php?id=CVE-2015-2728
03 Jul 2015 — The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue. La clase IndexedDatabaseManager en la implementación IndexedDB en Mozilla Firefox anterior a 39.0 y Firefox ESR ... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 3%CPEs: 20EXPL: 0CVE-2015-2733 – Mozilla: Use-after-free in workers while using XMLHttpRequest (MFSA 2015-65)
https://notcve.org/view.php?id=CVE-2015-2733
03 Jul 2015 — Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker. Vulnerabilidad de uso después de liberación en la función CanonicalizeXPCOMParticipant en Mozilla Firefox anterior a 39.0 y Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1 permite a atacantes remotos ejecutar có... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-416: Use After Free •