16 matches found
CVE-2014-4616
CVE-2014-4616 affects Python’s json implementation: the scanstring function in the _json module (and in simplejson prior to 2.6.1) has an array index error that can be triggered by a negative idx in raw_decode. Affected: Python 2.7–3.5 and simplejson
CVE-2014-1528
CVE-2014-1528 affects Cairo/Pixman used by Firefox 28.0 and SeaMonkey 2.25 on Windows. The vulnerability is in sse2_composite_src_x888_8888 and is an out-of-bounds write, which the initial description states can enable remote arbitrary code execution or cause a denial of service (application cras...
CVE-2014-1489
Technical details for CVE-2014-1489 are not publicly available in the provided documents. Monitor for updates from vendors and vulnerability feeds.
CVE-2014-0081
CVE-2014-0081 affects Ruby on Rails: multiple XSS flaws in actionview/lib/action_view/helpers/number_helper.rb allow remote injection via format, negative_format, or units in number_to_currency, number_to_percentage, and number_to_human. Affected Rails versions: 3.2.x before 3.2.17, 4.0.x before ...
CVE-2012-0867
CVE-2012-0867 affects PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3. The vulnerability truncates the SSL certificate common name to 32 characters when verifying hostnames, enabling remote attackers to spoof connections if the hostname is exactly 32 characters. This is...
CVE-2014-1502
CVE-2014-1502 affects Mozilla Firefox (pre-28.0) and SeaMonkey (pre-2.25). The vulnerability arises in WebGL functions WebGL.compressedTexImage2D and WebGL.compressedTexSubImage2D, enabling remote attackers to bypass Same Origin Policy and render content from a different domain via unspecified ve...
CVE-2014-1498
CVE-2014-1498: The vulnerability affects Mozilla Firefox before 28.0 and SeaMonkey before 2.25, where crypto.generateCRMFRequest fails to validate a specific key type. This can cause remote crashes/DoS via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algo...
CVE-2014-1542
CVE-2014-1542 refers to a buffer overflow in the Speex resampler within the Web Audio subsystem of Mozilla Firefox, exploitable via crafted AudioBuffer parameters to achieve remote code execution. The vulnerability affects Firefox prior to version 30.0. The provided connected documents corroborat...
CVE-2014-1500
CVE-2014-1500 affects Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25. The issue allows remote attackers to cause resource exhaustion and application hang via onbeforeunload events that trigger background JavaScript execution. Exploitation details are not provided in the available docum...
CVE-2013-5611
CVE-2013-5611 refers to Mozilla Firefox (pre-26.0) where an App Installation doorhanger isn’t properly removed, enabling a remote attacker to spoof a Web App installation site by timing page navigation. Connected sources confirm affected products and fixes: IBM/SONAS and IBM Storwize advisories l...
CVE-2014-1484
CVE-2014-1484 affects Mozilla Firefox on Android 4.2 and earlier, where system logs may contain profile paths, enabling a crafted application to access sensitive information. Connected docs reference the CVE within openSUSE Firefox ESR advisories and indicate fixes in later Firefox ESR updates (e...
CVE-2014-1499
CVE-2014-1499 affects Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25. The issue lets a remote attacker spoof the domain in the WebRTC camera or microphone permission prompts by triggering a navigation at a specific moment during prompt generation. This is caused by how the browser hand...
CVE-2014-3004
CVE-2014-3004 affects the Castor Library: the default configuration of the Xerces SAX Parser in Castor prior to version 1.3.3 allows XML External Entity (XXE) processing via crafted XML, enabling context-dependent attackers to disclose sensitive information. The issue is mitigated by upgrading Ca...
CVE-2014-0481
CVE-2014-0481 affects Django’s file upload handling. The issue arises when uploading files with conflicting names, where Django’s default sequential file-naming process can be exploited to cause a remote denial of service via CPU consumption. Affected Django versions per description: before 1.4.1...
CVE-2014-1494
CVE-2014-1494 concerns multiple memory-safety vulnerabilities in the browser engine of Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25, with remote denial of service or potential arbitrary code execution via unknown vectors. The connected docs confirm that these issues are part of MFSA ...
CVE-2011-4093
CVE-2011-4093 concerns libnet6 (net6) before version 1.3.14, where an integer overflow in inc/server.hpp could allow remote attackers to hijack connections and escalate privileges by exhausting descriptors and supplying the ID of another user. Public documents confirm the affected component (inc/...