U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 51 matching records.
Displaying matches 41 through 51.
Vuln ID Summary CVSS Severity
CVE-2016-1960

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.

Published: March 13, 2016; 2:59:09 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-1958

browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.

Published: March 13, 2016; 2:59:07 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1957

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.

Published: March 13, 2016; 2:59:06 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1954

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.

Published: March 13, 2016; 2:59:03 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-1952

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: March 13, 2016; 2:59:01 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

Published: March 13, 2016; 2:59:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2013-4312

The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.

Published: February 07, 2016; 10:59:00 PM -0500
V3.0: 6.2 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-1935

Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.

Published: January 31, 2016; 1:59:03 PM -0500
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1930

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: January 31, 2016; 1:59:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

Published: December 16, 2015; 10:59:01 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2922

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Published: May 27, 2015; 6:59:06 AM -0400
V3.x:(not available)
V2.0: 3.3 LOW