Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linux
(Oracle)Repositories |
• https://github.com/torvalds/linux
• https://github.com/libarchive/libarchive • https://github.com/file/file • https://github.com/krb5/krb5 • https://github.com/apache/httpd |
#Vulnerabilities | 224 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-03-13 | CVE-2016-1964 | Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. | Firefox, Thunderbird, Leap, Opensuse, Linux, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-1965 | Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. | Firefox, Opensuse, Linux | 4.3 | ||
2016-03-13 | CVE-2016-1966 | The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. | Firefox, Thunderbird, Opensuse, Linux | 8.8 | ||
2016-03-13 | CVE-2016-1977 | The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. | Firefox, Leap, Opensuse, Linux, Graphite2, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-2791 | The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | Firefox, Leap, Opensuse, Linux, Graphite2, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-2790 | The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. | Firefox, Leap, Opensuse, Linux, Graphite2, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-2792 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. | Firefox, Leap, Opensuse, Linux, Graphite2, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-2793 | CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | Firefox, Leap, Opensuse, Linux, Graphite2, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-2794 | The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | Firefox, Leap, Opensuse, Linux, Graphite2, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-2795 | The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. | Firefox, Leap, Opensuse, Linux, Graphite2, Linux_enterprise | 8.8 |