Security Measurement
Days of Risk Report (automatically generated)
This is a sample report run from the public available data sets. Other example reports are also available, or alternatively run your own with the programs provided.
Product: Red Hat Enterprise Linux 7 (all packages)
CPE: cpe:/o:redhat:enterprise_linux:7
Starting date: 20140610
Ending date: 20170623
For Severity: Critical
160 issues with half of all issues (median) fixed within 1 days. Average of 0.7 days.
| CVE | RHSA | Description | Severity | Public | Fixed | Days |
|---|---|---|---|---|---|---|
| CVE-2017-5470 | RHSA-2017:1440 RHSA-2017:1561 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170614 | 20170614 | 0 |
| CVE-2017-5472 | RHSA-2017:1440 RHSA-2017:1561 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170614 | 20170614 | 0 |
| CVE-2017-5429 | RHSA-2017:1106 RHSA-2017:1201 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170419 | 20170421 | 2 |
| CVE-2017-5430 | RHSA-2017:1106 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170419 | 20170421 | 2 |
| CVE-2017-5433 | RHSA-2017:1106 RHSA-2017:1201 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170419 | 20170421 | 2 |
| CVE-2017-5435 | RHSA-2017:1106 RHSA-2017:1201 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170419 | 20170421 | 2 |
| CVE-2017-5436 | RHSA-2017:1106 RHSA-2017:1201 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170419 | 20170421 | 2 |
| CVE-2017-5459 | RHSA-2017:1106 RHSA-2017:1201 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170419 | 20170421 | 2 |
| CVE-2017-5466 | RHSA-2017:1106 RHSA-2017:1201 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170419 | 20170421 | 2 |
| CVE-2017-5461 | RHSA-2017:1100 | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. | C | 20170419 | 20170420 | 1 |
| CVE-2017-5428 | RHSA-2017:0558 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170317 | 20170317 | 0 |
| CVE-2017-5398 | RHSA-2017:0461 RHSA-2017:0498 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170307 | 20170308 | 1 |
| CVE-2017-5400 | RHSA-2017:0461 RHSA-2017:0498 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170307 | 20170308 | 1 |
| CVE-2017-5401 | RHSA-2017:0461 RHSA-2017:0498 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170307 | 20170308 | 1 |
| CVE-2017-5402 | RHSA-2017:0461 RHSA-2017:0498 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170307 | 20170308 | 1 |
| CVE-2017-5404 | RHSA-2017:0461 RHSA-2017:0498 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170307 | 20170308 | 1 |
| CVE-2017-5373 | RHSA-2017:0190 RHSA-2017:0238 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170124 | 20170125 | 1 |
| CVE-2017-5375 | RHSA-2017:0190 RHSA-2017:0238 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170124 | 20170125 | 1 |
| CVE-2017-5376 | RHSA-2017:0190 RHSA-2017:0238 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20170124 | 20170125 | 1 |
| CVE-2017-3241 | RHSA-2017:0180 RHSA-2017:0269 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). | C | 20170117 | 20170120 | 3 |
| CVE-2017-3272 | RHSA-2017:0180 RHSA-2017:0269 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). | C | 20170117 | 20170120 | 3 |
| CVE-2017-3289 | RHSA-2017:0180 RHSA-2017:0269 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). | C | 20170117 | 20170120 | 3 |
| CVE-2016-9893 | RHSA-2016:2946 RHSA-2016:2973 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20161214 | 20161214 | 0 |
| CVE-2016-9899 | RHSA-2016:2946 RHSA-2016:2973 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20161214 | 20161214 | 0 |
| CVE-2016-9079 | RHSA-2016:2843 RHSA-2016:2850 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20161201 | 20161201 | 0 |
| CVE-2016-5290 | RHSA-2016:2780 RHSA-2016:2825 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20161116 | 20161116 | 0 |
| CVE-2016-5296 | RHSA-2016:2780 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | C | 20161116 | 20161116 | 0 |
| CVE-2016-5582 | RHSA-2016:2079 RHSA-2016:2658 RHSA-2017:0061 | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573. | C | 20161018 | 20161019 | 1 |
| CVE-2016-5257 | RHSA-2016:1912 RHSA-2016:1985 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20160920 | 20160921 | 1 |
| CVE-2016-5278 | RHSA-2016:1912 | Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image. | C | 20160920 | 20160921 | 1 |
| CVE-2016-2836 | RHSA-2016:1551 RHSA-2016:1809 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors. | C | 20160802 | 20160803 | 1 |
| CVE-2016-5258 | RHSA-2016:1551 | Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session. | C | 20160802 | 20160803 | 1 |
| CVE-2016-5259 | RHSA-2016:1551 | Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop. | C | 20160802 | 20160803 | 1 |
| CVE-2016-3587 | RHSA-2016:1458 | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. | C | 20160719 | 20160720 | 1 |
| CVE-2016-3598 | RHSA-2016:1458 RHSA-2016:1504 | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. | C | 20160719 | 20160720 | 1 |
| CVE-2016-3606 | RHSA-2016:1458 RHSA-2016:1504 RHSA-2016:1776 | Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. | C | 20160719 | 20160720 | 1 |
| CVE-2016-3610 | RHSA-2016:1458 RHSA-2016:1504 | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. | C | 20160719 | 20160720 | 1 |
| CVE-2016-2818 | RHSA-2016:1217 RHSA-2016:1392 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20160608 | 20160608 | 0 |
| CVE-2016-2819 | RHSA-2016:1217 | Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element. | C | 20160608 | 20160608 | 0 |
| CVE-2016-2805 | RHSA-2016:0695 RHSA-2016:1041 | Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20160426 | 20160426 | 0 |
| CVE-2016-2806 | RHSA-2016:0695 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20160426 | 20160426 | 0 |
| CVE-2016-2807 | RHSA-2016:0695 RHSA-2016:1041 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20160426 | 20160426 | 0 |
| CVE-2016-0686 | RHSA-2016:0650 RHSA-2016:0676 RHSA-2016:0723 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. | C | 20160419 | 20160420 | 1 |
| CVE-2016-0687 | RHSA-2016:0650 RHSA-2016:0676 RHSA-2016:0723 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. | C | 20160419 | 20160420 | 1 |
| CVE-2016-3427 | RHSA-2016:0650 RHSA-2016:0676 RHSA-2016:0723 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | C | 20160419 | 20160420 | 1 |
| CVE-2015-5370 | RHSA-2016:0612 | Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors. | C | 20160412 | 20160413 | 1 |
| CVE-2016-0636 | RHSA-2016:0512 RHSA-2016:0513 | Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. | C | 20160323 | 20160324 | 1 |
| CVE-2016-1950 | RHSA-2016:0370 | Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. | C | 20160308 | 20160309 | 1 |
| CVE-2016-1952 | RHSA-2016:0373 RHSA-2016:0460 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20160308 | 20160309 | 1 |
| CVE-2016-1960 | RHSA-2016:0373 RHSA-2016:0460 | Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. | C | 20160308 | 20160309 | 1 |
| CVE-2016-1961 | RHSA-2016:0373 RHSA-2016:0460 | Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. | C | 20160308 | 20160309 | 1 |
| CVE-2016-1962 | RHSA-2016:0373 | Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. | C | 20160308 | 20160309 | 1 |
| CVE-2016-1964 | RHSA-2016:0373 RHSA-2016:0460 | Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. | C | 20160308 | 20160309 | 1 |
| CVE-2016-1977 | RHSA-2016:0373 RHSA-2016:0460 | The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2790 | RHSA-2016:0373 RHSA-2016:0460 | The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2791 | RHSA-2016:0373 RHSA-2016:0460 | The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2792 | RHSA-2016:0373 RHSA-2016:0460 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2793 | RHSA-2016:0373 RHSA-2016:0460 | CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2794 | RHSA-2016:0373 RHSA-2016:0460 | The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2795 | RHSA-2016:0373 RHSA-2016:0460 | The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2796 | RHSA-2016:0373 RHSA-2016:0460 | Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2797 | RHSA-2016:0373 RHSA-2016:0460 | The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2798 | RHSA-2016:0373 RHSA-2016:0460 | The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2799 | RHSA-2016:0373 RHSA-2016:0460 | Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2800 | RHSA-2016:0373 RHSA-2016:0460 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2801 | RHSA-2016:0373 RHSA-2016:0460 | The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. | C | 20160308 | 20160309 | 1 |
| CVE-2016-2802 | RHSA-2016:0373 RHSA-2016:0460 | The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | C | 20160308 | 20160309 | 1 |
| CVE-2015-7547 | RHSA-2016:0176 RHSA-2016:0277 | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. | C | 20160216 | 20160216 | 0 |
| CVE-2016-1930 | RHSA-2016:0071 RHSA-2016:0258 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20160126 | 20160127 | 1 |
| CVE-2016-1935 | RHSA-2016:0071 RHSA-2016:0258 | Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. | C | 20160126 | 20160127 | 1 |
| CVE-2016-0483 | RHSA-2016:0049 RHSA-2016:0054 RHSA-2016:0067 | Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. | C | 20160119 | 20160120 | 1 |
| CVE-2016-0494 | RHSA-2016:0049 RHSA-2016:0054 RHSA-2016:0067 | Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | C | 20160119 | 20160120 | 1 |
| CVE-2015-7201 | RHSA-2015:2657 RHSA-2016:0001 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20151216 | 20151216 | 0 |
| CVE-2015-7210 | RHSA-2015:2657 | Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. | C | 20151216 | 20151216 | 0 |
| CVE-2015-4513 | RHSA-2015:1982 RHSA-2015:2519 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20151104 | 20151104 | 0 |
| CVE-2015-7181 | RHSA-2015:1981 | The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. | C | 20151103 | 20151104 | 1 |
| CVE-2015-7182 | RHSA-2015:1981 | Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. | C | 20151103 | 20151104 | 1 |
| CVE-2015-7183 | RHSA-2015:1981 | Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | C | 20151103 | 20151104 | 1 |
| CVE-2015-7198 | RHSA-2015:1982 RHSA-2015:2519 | Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data. | C | 20151104 | 20151104 | 0 |
| CVE-2015-7199 | RHSA-2015:1982 RHSA-2015:2519 | The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document. | C | 20151104 | 20151104 | 0 |
| CVE-2015-7200 | RHSA-2015:1982 RHSA-2015:2519 | The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. | C | 20151104 | 20151104 | 0 |
| CVE-2015-4805 | RHSA-2015:1919 RHSA-2015:1920 RHSA-2015:2086 | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. | C | 20151020 | 20151021 | 1 |
| CVE-2015-4835 | RHSA-2015:1919 RHSA-2015:1920 RHSA-2015:2086 | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881. | C | 20151020 | 20151021 | 1 |
| CVE-2015-4843 | RHSA-2015:1919 RHSA-2015:1920 RHSA-2015:2086 | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | C | 20151020 | 20151021 | 1 |
| CVE-2015-4844 | RHSA-2015:1919 RHSA-2015:1920 RHSA-2015:2086 | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | C | 20151020 | 20151021 | 1 |
| CVE-2015-4860 | RHSA-2015:1919 RHSA-2015:1920 RHSA-2015:2086 | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883. | C | 20151020 | 20151021 | 1 |
| CVE-2015-4881 | RHSA-2015:1919 RHSA-2015:1920 RHSA-2015:2086 | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835. | C | 20151020 | 20151021 | 1 |
| CVE-2015-4883 | RHSA-2015:1919 RHSA-2015:1920 RHSA-2015:2086 | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860. | C | 20151020 | 20151021 | 1 |
| CVE-2015-4500 | RHSA-2015:1834 RHSA-2015:1852 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20150922 | 20150922 | 0 |
| CVE-2015-4509 | RHSA-2015:1834 RHSA-2015:1852 | Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176. | C | 20150922 | 20150922 | 0 |
| CVE-2015-4497 | RHSA-2015:1693 | Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element. | C | 20150827 | 20150827 | 0 |
| CVE-2015-4473 | RHSA-2015:1586 RHSA-2015:1682 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20150811 | 20150811 | 0 |
| CVE-2015-4479 | RHSA-2015:1586 | Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data. | C | 20150811 | 20150811 | 0 |
| CVE-2015-4480 | RHSA-2015:1586 | Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding. | C | 20150811 | 20150811 | 0 |
| CVE-2015-4485 | RHSA-2015:1586 | Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. | C | 20150811 | 20150811 | 0 |
| CVE-2015-4486 | RHSA-2015:1586 | The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data. | C | 20150811 | 20150811 | 0 |
| CVE-2015-4493 | RHSA-2015:1586 | Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539. | C | 20150811 | 20150811 | 0 |
| CVE-2015-2590 | RHSA-2015:1228 RHSA-2015:1229 RHSA-2015:1526 | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732. | C | 20150714 | 20150715 | 1 |
| CVE-2015-2628 | RHSA-2015:1228 RHSA-2015:1229 RHSA-2015:1526 | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. | C | 20150714 | 20150715 | 1 |
| CVE-2015-4731 | RHSA-2015:1228 RHSA-2015:1229 RHSA-2015:1526 | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | C | 20150714 | 20150715 | 1 |
| CVE-2015-4732 | RHSA-2015:1228 RHSA-2015:1229 RHSA-2015:1526 | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590. | C | 20150714 | 20150715 | 1 |
| CVE-2015-4733 | RHSA-2015:1228 RHSA-2015:1229 RHSA-2015:1526 | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. | C | 20150714 | 20150715 | 1 |
| CVE-2015-4760 | RHSA-2015:1228 RHSA-2015:1229 RHSA-2015:1526 | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | C | 20150714 | 20150715 | 1 |
| CVE-2015-2722 | RHSA-2015:1207 | Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker. | C | 20150702 | 20150703 | 1 |
| CVE-2015-2731 | RHSA-2015:1207 RHSA-2015:1455 | Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy. | C | 20150702 | 20150703 | 1 |
| CVE-2015-2733 | RHSA-2015:1207 | Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker. | C | 20150702 | 20150703 | 1 |
| CVE-2015-2734 | RHSA-2015:1207 RHSA-2015:1455 | The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. | C | 20150702 | 20150703 | 1 |
| CVE-2015-2735 | RHSA-2015:1207 RHSA-2015:1455 | nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. | C | 20150702 | 20150703 | 1 |
| CVE-2015-2736 | RHSA-2015:1207 RHSA-2015:1455 | The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. | C | 20150702 | 20150703 | 1 |
| CVE-2015-2737 | RHSA-2015:1207 RHSA-2015:1455 | The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. | C | 20150702 | 20150703 | 1 |
| CVE-2015-2738 | RHSA-2015:1207 RHSA-2015:1455 | The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. | C | 20150702 | 20150703 | 1 |
| CVE-2015-2739 | RHSA-2015:1207 RHSA-2015:1455 | The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors. | C | 20150702 | 20150703 | 1 |
| CVE-2015-2740 | RHSA-2015:1207 RHSA-2015:1455 | Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors. | C | 20150702 | 20150703 | 1 |
| CVE-2015-2708 | RHSA-2015:0988 RHSA-2015:1012 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20150512 | 20150512 | 0 |
| CVE-2015-2710 | RHSA-2015:0988 RHSA-2015:1012 | Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence. | C | 20150512 | 20150512 | 0 |
| CVE-2015-2713 | RHSA-2015:0988 RHSA-2015:1012 | Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. | C | 20150512 | 20150512 | 0 |
| CVE-2015-2716 | RHSA-2015:0988 RHSA-2015:1012 | Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. | C | 20150512 | 20150512 | 0 |
| CVE-2015-4496 | RHSA-2015:0988 | Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538. | C | 20150812 | 20150512 | 0 |
| CVE-2015-0460 | RHSA-2015:0806 RHSA-2015:0808 RHSA-2015:0809 | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | C | 20150414 | 20150415 | 1 |
| CVE-2015-0469 | RHSA-2015:0806 RHSA-2015:0808 RHSA-2015:0809 | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | C | 20150414 | 20150415 | 1 |
| CVE-2015-0813 | RHSA-2015:0766 RHSA-2015:0771 | Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file. | C | 20150331 | 20150401 | 1 |
| CVE-2015-0815 | RHSA-2015:0766 RHSA-2015:0771 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20150331 | 20150401 | 1 |
| CVE-2015-0817 | RHSA-2015:0718 | The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. | C | 20150321 | 20150324 | 3 |
| CVE-2015-0818 | RHSA-2015:0718 | Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. | C | 20150321 | 20150324 | 3 |
| CVE-2015-0831 | RHSA-2015:0265 RHSA-2015:0629 RHSA-2015:0642 | Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. | C | 20150224 | 20150224 | 0 |
| CVE-2015-0836 | RHSA-2015:0265 RHSA-2015:0629 RHSA-2015:0642 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20150224 | 20150224 | 0 |
| CVE-2015-0235 | RHSA-2015:0092 | Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." | C | 20150127 | 20150127 | 0 |
| CVE-2014-6601 | RHSA-2015:0067 RHSA-2015:0085 | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | C | 20150120 | 20150121 | 1 |
| CVE-2015-0395 | RHSA-2015:0067 RHSA-2015:0085 | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | C | 20150120 | 20150121 | 1 |
| CVE-2015-0408 | RHSA-2015:0067 RHSA-2015:0085 | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. | C | 20150120 | 20150121 | 1 |
| CVE-2015-0412 | RHSA-2015:0067 RHSA-2015:0085 | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. | C | 20150120 | 20150121 | 1 |
| CVE-2014-8634 | RHSA-2015:0046 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20150113 | 20150113 | 0 |
| CVE-2014-1587 | RHSA-2014:1919 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20141202 | 20141202 | 0 |
| CVE-2014-1592 | RHSA-2014:1919 | Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. | C | 20141202 | 20141202 | 0 |
| CVE-2014-1593 | RHSA-2014:1919 | Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. | C | 20141202 | 20141202 | 0 |
| CVE-2014-1574 | RHSA-2014:1635 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20141014 | 20141015 | 1 |
| CVE-2014-1578 | RHSA-2014:1635 | The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback. | C | 20141014 | 20141015 | 1 |
| CVE-2014-1581 | RHSA-2014:1635 | Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. | C | 20141014 | 20141015 | 1 |
| CVE-2014-6271 | RHSA-2014:1293 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | C | 20140924 | 20140924 | 0 |
| CVE-2014-1562 | RHSA-2014:1144 | Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20140903 | 20140903 | 0 |
| CVE-2014-1567 | RHSA-2014:1144 | Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. | C | 20140903 | 20140903 | 0 |
| CVE-2014-1544 | RHSA-2014:0916 | Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. | C | 20140722 | 20140722 | 0 |
| CVE-2014-1547 | RHSA-2014:0919 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20140722 | 20140722 | 0 |
| CVE-2014-1556 | RHSA-2014:0919 | Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. | C | 20140722 | 20140722 | 0 |
| CVE-2014-2483 | RHSA-2014:0889 | Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations." | C | 20140715 | 20140716 | 1 |
| CVE-2014-2490 | RHSA-2014:0889 RHSA-2014:0907 | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | C | 20140715 | 20140716 | 1 |
| CVE-2014-4216 | RHSA-2014:0889 RHSA-2014:0907 | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | C | 20140715 | 20140716 | 1 |
| CVE-2014-4219 | RHSA-2014:0889 RHSA-2014:0907 | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | C | 20140715 | 20140716 | 1 |
| CVE-2014-4223 | RHSA-2014:0889 | Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483. | C | 20140715 | 20140716 | 1 |
| CVE-2014-4262 | RHSA-2014:0889 RHSA-2014:0907 | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | C | 20140715 | 20140716 | 1 |
| CVE-2014-0429 | RHSA-2014:0675 RHSA-2014:0685 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | C | 20140610 | 20140610 | 0 |
| CVE-2014-0455 | RHSA-2014:0675 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402. | C | 20140610 | 20140610 | 0 |
| CVE-2014-0456 | RHSA-2014:0675 RHSA-2014:0685 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | C | 20140610 | 20140610 | 0 |
| CVE-2014-0457 | RHSA-2014:0675 RHSA-2014:0685 | Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | C | 20140610 | 20140610 | 0 |
| CVE-2014-0461 | RHSA-2014:0675 RHSA-2014:0685 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | C | 20140610 | 20140610 | 0 |
| CVE-2014-1533 | RHSA-2014:0741 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | C | 20140610 | 20140610 | 0 |
| CVE-2014-1538 | RHSA-2014:0741 | Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | C | 20140610 | 20140610 | 0 |
| CVE-2014-1541 | RHSA-2014:0741 | Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. | C | 20140610 | 20140610 | 0 |
| CVE-2014-2397 | RHSA-2014:0675 RHSA-2014:0685 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | C | 20140610 | 20140610 | 0 |
| CVE-2014-2421 | RHSA-2014:0675 RHSA-2014:0685 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | C | 20140610 | 20140610 | 0 |
Notes:
- This report is for illustrative purposes only and has been generated automatically. You are advised to check the report and data for accuracy if you are relying on it's contents
- The date an issue was first known to the public is based on data collected by Red Hat, Steven Christey, and third party researchers. The date an issue was fixed is parsed from data supplied by Red Hat Network with additional data from the archives of Red Hat mailing lists. The raw data is available
- The description (where supplied) is taken verbatim from the CVE dictionary.
- Dates are based on UTC timezone where possible. The actual time of day an advisory is released and issue is public is not taken into account, therefore some issues that say "1 day" are actually less than 24 hours. "0 day" means 'on the same date'.