CVSS: 9.8EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0825 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0825
25 Feb 2015 — Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback. Subdesbordamiento de buffer basado en pila en la función mozilla::MP3FrameParser::ParseBuffer en Mozilla Firefox anterior a 36.0 permite a atacantes remotos obtener información sensible de la memoria de procesos a través de un fiche... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 238EXPL: 0CVE-2015-0829 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0829
25 Feb 2015 — Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback. Desbordamiento de buffer en libstagefright en Mozilla Firefox anterior a 36.0 permite a atacantes remotos ejecutar código arbitrario a través de un vídeo MP4 manipulado que está manejado incorrectamente durante la reproducción. USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated "-remote" command-lin... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0819 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0819
25 Feb 2015 — The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site. La función UITour::onPageEvent en Mozilla Firefox anterior a 36.0 no asegura que una llamada a API origine de una pestaña en primer plano, lo que permite a atacantes remotos realizar ataques de suplantación y clickjacking mediante el aprovechamiento del acceso a... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-19: Data Processing Errors •
CVSS: 8.1EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0821 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0821
25 Feb 2015 — Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. Mozilla Firefox anterior a 36.0 permite a atacantes remotos asistidos por el usuario leer ficheros arbitrarios o ejecutar código JavaScript arbitrario con privilegios chrome a través de un sitio web manipulado a que se accede con acciones de ratón y teclado no especificadas. U... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0832 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0832
25 Feb 2015 — Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character. Mozilla Firefox anterior a 36.0 no reconoce correctamente la equivalencia de los nombres de dominios con y sin un caracter . (punto) final, lo que permite a atacant... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 0%CPEs: 238EXPL: 0CVE-2015-0823 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0823
25 Feb 2015 — Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function. Múltiples vulnerabilidades de uso después de liberación en OpenType Sanitiser, utilizado en Mozilla Firefox anterior a 36.0, podrían permitir a atacantes remotos provocar información problemática de ... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html •
CVSS: 9.8EPSS: 7%CPEs: 20EXPL: 0CVE-2015-0395 – OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
https://notcve.org/view.php?id=CVE-2015-0395
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot garbage collector handled phantom references. An untr... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2015-0383 – OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
https://notcve.org/view.php?id=CVE-2015-0383
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25; Java SE Embedded 7u71 y 8u6; y JRockit R27.8.4 y R28.3.4 permite a usuarios locales afectar la integridad y la disponibilidad a través de vectores desconocidos relacionados con Hotspot. Multiple insecur... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 • CWE-377: Insecure Temporary File •
CVSS: 10.0EPSS: 2%CPEs: 18EXPL: 0CVE-2014-6601 – OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
https://notcve.org/view.php?id=CVE-2014-6601
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted ... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2015-0412 – OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
https://notcve.org/view.php?id=CVE-2015-0412
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a usuarios remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores relacionados con JAX-WS. An improper permission check issue was discovered in the JAX-WS component in OpenJDK. An untrusted Java application or applet could use th... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •