Vulnerabilities > Code
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-04-01 | CVE-2015-0805 | Code vulnerability in multiple products The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content. | 7.5 |
2015-03-31 | CVE-2014-9707 | Code vulnerability in Embedthis Goahead EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . | 7.5 |
2015-03-27 | CVE-2013-2184 | Code vulnerability in Sixapart Movable Type Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter. | 7.5 |
2015-03-26 | CVE-2015-2682 | Code vulnerability in Citrix Command Center 5.1/5.2 Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. | 5.0 |
2015-03-24 | CVE-2015-0817 | Code vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. | 6.8 |
2015-03-18 | CVE-2015-1084 | Code vulnerability in Apple Iphone OS and Safari The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. | 5.0 |
2015-02-24 | CVE-2013-7423 | Code vulnerability in multiple products The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. | 5.0 |
2015-02-03 | CVE-2015-1463 | Code vulnerability in multiple products ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." | 5.0 |
2015-02-02 | CVE-2015-1452 | Code vulnerability in Fortinet Fortios 5.0.7 The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages. | 7.8 |
2015-01-30 | CVE-2014-4498 | Code vulnerability in Apple mac OS X The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue. | 4.7 |