CVE-2012-1954

Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service heap memory...

CVE-2012-1958

Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vecto...

Buffer overflow

Buffer overflow in the exifentryformatvalue function in exif-entry.c in the EXIF Tag Parsing Library aka libexif 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image...

Code injection

Off-by-one error in the exifconvertutf16toutf8 function in exif-entry.c in the EXIF Tag Parsing Library aka libexif before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image...

CVE-2012-2814

CVE-2012-2814 is a buffer overflow in libexif 0.6.20 (exif_entry_format_value in exif-entry.c) that allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags. Connected advisories confirm this flaw across packages (libexif) and note that fixes w...

CVE-2012-2814

Buffer overflow in the exifentryformatvalue function in exif-entry.c in the EXIF Tag Parsing Library aka libexif 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image...

CVE-2012-2840

Off-by-one error in the exifconvertutf16toutf8 function in exif-entry.c in the EXIF Tag Parsing Library aka libexif before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image...

Buffer overflow

Buffer overflow in the Cisco WebEx Recording Format WRF player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted...

CVE-2012-1616

Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted ICC profile file...

CVE-2011-2512

The virtioqueuenotify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service guest crash and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed...

Double free

The pciejwrite function in hw/acpipiix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service guest crash and possibly execute arbitrary code by sendin...

CVE-2012-1616

Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted ICC profile file...

CVE-2011-1751

The pciejwrite function in hw/acpipiix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service guest crash and possibly execute arbitrary code by sendin...

CVE-2012-1616

CVE-2012-1616 is a use-after-free in icclib < 2.13, used by Argyll CMS

CVE-2012-1616

Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted ICC profile file...

CVE-2011-3671

Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element...

CVE-2012-2090

Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to 1...

CVE-2012-2091

Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a 1 long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in...

CVE-2012-0212

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument...

CVE-2012-0211

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original .orig source tarball of a source package...