Vulnerabilities > Code
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-04-08 | CVE-2015-1799 | Code vulnerability in NTP: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. | 4.3 |
2015-04-01 | CVE-2015-2751 | Code vulnerability in multiple products: Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. | 7.1 |
2015-04-01 | CVE-2015-0812 | Code vulnerability in multiple products: Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain. | 4.3 |
2015-04-01 | CVE-2015-0808 | Code vulnerability in multiple products: The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | 5.0 |
2015-04-01 | CVE-2015-0806 | Code vulnerability in multiple products: The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors that trigger rendering of 2D graphics content. | 7.5 |
2015-04-01 | CVE-2015-0805 | Code vulnerability in multiple products: The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content. | 7.5 |
2015-03-31 | CVE-2014-9707 | Code vulnerability in Embedthis GoAhead: EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . | 7.5 |
2015-03-27 | CVE-2013-2184 | Code vulnerability in Six Apart Movable Type: Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter. | 7.5 |
2015-03-26 | CVE-2015-2682 | Code vulnerability in Citrix Command Center 5.1/5.2: Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. | 5.0 |
2015-03-18 | CVE-2015-1084 | Code vulnerability in Apple iPhone OS and Safari: The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. | 5.0 |