Vulnerability & Exploit Database

Displaying entries 1 - 10 of 12 in total

Results for: CVE-2014-1565

SUSE: CVE-2014-7810: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: June 07, 2015

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages u...

SUSE: CVE-2014-0230: SUSE Linux Security Advisory Vulnerability

  • Severity: 8
  • Published: June 07, 2015

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

RHSA-2015:1565: kernel-rt security, bug fix, and enhancement update Vulnerability

  • Severity: 7
  • Published: May 27, 2015

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. Red Hat would like to thank Nathan Hoad for reporting the CVE-2014-9715 issue. The kernel-rt packages have been upgraded to version 3.10.0-229.11.1, which provides a number of bug fixes and enhancements over the previous version, including: (BZ#1234470) This...

SUSE: CVE-2014-0227: SUSE Linux Security Advisory Vulnerability

  • Severity: 6
  • Published: February 15, 2015

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource co...

USN-2330-1: Thunderbird vulnerabilities Vulnerability

  • Severity: 10
  • Published: September 03, 2014

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incor...

USN-2329-1: Firefox vulnerabilities Vulnerability

  • Severity: 10
  • Published: September 03, 2014

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incor...

SUSE Linux Security Advisory: SUSE-SU-2014:1100-1 Vulnerability

  • Severity: 10
  • Published: September 03, 2014

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incor...

SUSE: CVE-2014-1565: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: September 03, 2014

The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-b...

Oracle Solaris 11: CVE-2014-1565: Vulnerability in Firefox Vulnerability

  • Severity: 5
  • Published: September 03, 2014

The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-b...

Gentoo Linux: CVE-2014-1565: Mozilla Products: Multiple vulnerabilities Vulnerability

  • Severity: 5
  • Published: September 03, 2014

The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-b...