CVSS: 5.0EPSS: 6%CPEs: 7EXPL: 0CVE-2014-9745
https://notcve.org/view.php?id=CVE-2014-9745
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage. Vulnerabilidad en la función parse_encoding en type1/t1load.c en FreeType en versiones anteriores a 2.5.3, permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un 'broken number-with-base' en un stream Postscript, según lo demostrado por 8#garbage. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75 http://lists.opensuse.org/opensuse-updates/2015-10/msg00017.html http://savannah.nongnu.org/bugs/index.php?41590 http://www.debian.org/security/2015/dsa-3370 http://www.securityfocus.com/bid/76727 http://www.securitytracker.com/id/1033536 http://www.ubuntu.com/usn/USN-2739-1 https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124 https://code.google.com/p/chromium&# • CWE-399: Resource Management Errors •
CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 1CVE-2015-4481 – Mozilla - Maintenance Service Log File Overwrite Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-4481
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update. Vulnerabilidad de condición de carrera en el Servicio de Mantenimiento de Mozilla en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2 en Windows, permite a usuarios locales escribir en archivos arbitrarios y consecuentemente obtener privilegios a través de vectores que involucran un enlace duro en un archivo de registro durante una actualización. The maintenance service creates a log file in a user writable location. It's possible to change the log file to a hardlink to another file to cause file corruption or elevation of privilege. • https://www.exploit-db.com/exploits/37925 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http://www.mozilla.org/security/announce/2015/mfsa2015-84.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/10 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2015-4482
https://notcve.org/view.php?id=CVE-2015-4482
mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file. Vulnerabilidad en mar_read.c en el Updater en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a usuarios locales obtener privilegios o provocar una denegación de servicio (escritura fuera de rango) a través de un nombre de un Mozilla Archive (también conocido como MAR) manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http://www.mozilla.org/security/announce/2015/mfsa2015-85.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/76294 http://www.securitytracker.com/id/1033247&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-4483
https://notcve.org/view.php?id=CVE-2015-4483
Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. Vulnerabilidad en Mozilla Firefox en versiones anteriores a 40.0, permite a atacantes man-in-the-middle evadir el mecanismo de protección de contenido mixto a través de una fuente: URL en una petición POST. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://www.mozilla.org/security/announce/2015/mfsa2015-86.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/76510 http://www.securitytracker.com/id/1033247 https://bugzilla.mozilla.org/show_bug.cgi?id=1148732 https://security.gentoo.org/glsa/201605-06 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2059
https://notcve.org/view.php?id=CVE-2015-2059
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. Vulnerabilidad en la función stringprep_utf8_to_ucs4 en libin en versiones anteriores a 1.31, tal como se utiliza en jabberd2, permite a atacantes dependientes del contexto leer la memoria del sistema y posiblemente tener otro impacto no especificado a través de caracteres UTF-8 no válidos en una cadena, lo que desencadena una lectura fuera de rango. • http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html http://www.debian.org/security/2016/dsa-3578 http://www.openwall.com/lists/oss-security/2015/02/23/25 http://www.securityfocus.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •