229 matches found
CVE-2016-5264
CVE-2016-5264 affects Mozilla Firefox (and Firefox ESR) with a use-after-free in nsNodeUtils::NativeAnonymousChildListChange when applying SVG effects. The vulnerability can allow remote code execution or cause a denial of service via heap memory corruption. It is described for Firefox versions p...
CVE-2018-17962
CVE-2018-17962 is a QEMU vulnerability: a buffer overflow in pcnet_receive() in hw/net/pcnet.c caused by an incorrect integer data type. The Initial Description confirms the flaw; connected Nessus advisories reference this CVE among other QEMU issues. The provided documents do not include the fix...
CVE-2021-3551
CVE-2021-3551 is described in connected documents as a vulnerability in the PKI-server where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This allows a local attacker to retrieve the log and obtain the admin password, enabling admin privile...
CVE-2016-1954
CVE-2016-1954 affects Mozilla Firefox and Firefox ESR. The flaw in nsCSPContext::SendReports allows a CSP violation report to specify a local file URL, potentially causing a denial of service (data overwrite) or privilege escalation. Affected versions: Firefox before 45.0 and Firefox ESR 38.x bef...
CVE-2016-4556
Squid 3.x before 3.5.18 and 4.x before 4.0.10 is vulnerable to a double-free in Esi.cc (related to processing Edge Side Includes) which can allow remote servers to trigger a Denial of Service (crash). The issue is confirmed across multiple advisories (e.g., Debian DSA-3625-1, CentOS/RH advisories...
CVE-2014-3673
The vulnerability CVE-2014-3673 affects the SCTP implementation in the Linux kernel up to version 3.17.2. A malformed ASCONF chunk can be sent by a remote attacker to trigger a denial of service (system crash). Affected components are net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. Remediat...
CVE-2016-1952
CVE-2016-1952 involves memory-safety vulnerabilities in the Firefox browser engine. Affected software: Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7. Root cause: memory-corruption/memory-safety bugs in the browser engine that can be triggered by parsing/processing malformed or craf...
CVE-2016-0546
CVE-2016-0546 is an unspecified vulnerability in Oracle MySQL Server components (Client) that, per vendor notes, could allow a local attacker to execute arbitrary code with elevated privileges due to a long name/buffer overflow in the mysqlshow utility. Affected: MySQL 5.5.46 and earlier, 5.6.27 ...
CVE-2016-0641
CVE-2016-0641 affects multiple MySQL/MariaDB lineages with a MyISAM-related vulnerability that can impact confidentiality and availability when untrusted local users access certain database components. Affected: Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, 5.7.10 and earlier; MariaDB befo...
CVE-2016-1935
CVE-2016-1935 : Buffer overflow in Mozilla Firefox’s BufferSubData function allows remote code execution via crafted WebGL content. Affected products: Firefox before 44.0 and Firefox ESR 38.x before 38.6. Root cause: buffer overflow while rendering WebGL content. Impact: remote code execution wit...
CVE-2016-2800
The Graphite 2 font rendering library is affected by CVE-2016-2800 and CVE-2016-2792. In Graphite 2, the vulnerability resides in graphite2::Slot::getAttr (Slot.cpp) and can be triggered when processing crafted Graphite fonts, as used by Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to...
CVE-2016-3550
CVE-2016-3550 is a OpenJDK/Hotspot related vulnerability that allows remote attackers to affect confidentiality by bypassing sandbox restrictions via Bytecode reading vulnerabilities in OpenJDK’s Hotspot component. The affected products and versions cited include Oracle Java SE 6u115, 7u101, 8u92...
CVE-2023-22024
CVE-2023-22024 affects the Unbreakable Enterprise Kernel (UEK) RDS module, where two setsockopt options (RDS_CONN_RESET and RDS6_CONN_RESET) are not re-entrant. A local attacker with CAP_NET_ADMIN can crash the kernel. Connected advisories (e.g., Oracle ELSA updates) indicate a security update ad...
CVE-2016-2837
In IBM Storwize V7000 Unified, CVE-2016-2837 affects Mozilla Firefox components embedded via ClearKey CDM in the EME API. A heap-based buffer overflow during video playback could allow remote code execution. Affected versions: 1.5.0.0–1.5.2.4. Remediation: upgrade to 1.5.2.5 or later. If no furth...
CVE-2015-8631
CVE-2015-8631 affects MIT Kerberos 5 (krb5) kadmind; a memory leak caused by the code path in kadmin/server/server_stubs.c can be triggered by a request with a NULL principal name. The issue, described as a denial of service via memory exhaustion, occurs in krb5 builds prior to 1.13.4 and in 1.14...
CVE-2016-1973
CVE-2016-1973 is a race condition in GetStaticInstance within Firefox’s WebRTC implementation that can cause a use-after-free in WebRTC components. The issue was found in Mozilla Firefox prior to version 45.0 (Firefox ESR references show similar concerns in the 38.x ESR line). Reported root cause...
CVE-2014-1737
CVE-2014-1737 affects the Linux kernel (through 3.14.3) and its floppy driver (drivers/block/floppy.c). The flaw is in raw_cmd_copyin not handling error conditions during processing of an FDRAWCMD ioctl, enabling local users with write access to /dev/fd to trigger kfree and potentially gain privi...
CVE-2016-1974
The CVE-2016-1974 issue affects Mozilla Firefox and Firefox ESR, where nsScannerString::AppendUnicodeTo can fail to verify memory allocation success, enabling a remote attacker to crash the browser or potentially execute arbitrary code via crafted Unicode data in HTML/XML/SVG. Affected versions a...
CVE-2016-1957
CVE-2016-1957 affects Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, where a memory leak in libstagefright during MPEG-4 processing can be triggered by an array deletion, potentially enabling a denial-of-service via memory consumption. Mitigations in the referenced advisories i...
CVE-2016-5259
CVE-2016-5259 : A use-after-free in the Mozilla Firefox function CanonicalizeXPCOMParticipant allows remote code execution via a script that closes its own Service Worker inside a nested sync event loop. Affected: Firefox before 48.0 and Firefox ESR 45.x before 45.3. Impact per sources: arbitrary...
CVE-2015-4816
CVE-2015-4816 affects Oracle MySQL Server 5.5.44 and earlier, where an unspecified InnoDB-related vulnerability allows remote authenticated users to affect availability via unknown vectors. The MiracleLinux advisories/NESSUS plugins reference CVE-2015-4816 among a broader set of MySQL/MariaDB iss...
CVE-2016-0644
CVE-2016-0644 is an unspecified local-vulnerability in Oracle MySQL/MariaDB affecting DDL paths that can impact availability. Public HOTFIXes exist: MariaDB 10.0.25 (per Debian DSA-3595-1) and MariaDB 5.5.50 (per CentOS CentOS-announce 2016:1602). IBM/PowerKVM advisories also reference this CVE w...
CVE-2016-4805
CVE-2016-4805 describes a use-after-free in the Linux kernel’s drivers/net/ppp/ppp_generic.c before 4.5.2. The flaw allows local attackers to trigger memory corruption and potential DoS (system crash) by removing a network namespace, related to ppp_register_net_channel and ppp_unregister_channel....
CVE-2016-6198
CVE-2016-6198 affects the Linux kernel (pre-4.5.5) in its OverlayFS path. The bug occurs when a file under OverlayFS is renamed to a self-hardlink, causing post-rename operations to run and potentially crash the kernel. Local users can trigger a denial of service (system crash) via a rename sysca...
CVE-2014-3687
The provided materials confirm CVE-2014-3687 affects the Linux kernel SCTP implementation (net/sctp/associola.c) up to version 3.17.2. The vulnerability allows remote attackers to cause a denial of service (panic) by sending duplicate ASCONF chunks, triggering an incorrect uncork within the side-...
CVE-2015-4861
CVE-2015-4861 is an unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, that allows remote authenticated users to affect availability via unknown InnoDB-related vectors. The connected advisories confirm this CVE among multiple MySQL-related flaws and indic...
CVE-2016-1966
CVE-2016-1966 affects Mozilla Firefox and Firefox ESR. The issue is a dangling pointer dereference in NPAPI handling (nsNPObjWrapper::GetNewOrUsed) in dom/plugins/base/nsJSNPRuntime.cpp, allowing a crafted NPAPI plugin to cause a remote crash or arbitrary code execution. Exploitation in the wild ...
CVE-2016-4053
CVE-2016-4053 in Squid allowed public information disclosure of the server stack layout when processing ESI responses. The issue is documented across multiple advisories (Debian, Red Hat/CentOS, Fedora, Amazon ALAS) with fixes in various branches: Debians fixed squid3 3.1.20-2.2+deb7u5; Jessie/St...
CVE-2014-3144
CVE-2014-3144 affects the Linux kernel up to 3.14.3. The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST implementations in the sk_run_filter function (net/core/filter.c) do not properly verify a length value, enabling a local attacker to trigger a denial of service via crafted BPF instruction...
CVE-2015-8391
PCRE library (libpcre) prior to 8.38 is affected by CVE-2015-8391 due to mishandling of certain [: nesting in pcre_compile.c, enabling remote attackers to trigger a denial of service (CPU consumption) via crafted regular expressions (as used by JavaScript RegExp objects in Konqueror). Affected pr...
CVE-2015-8629
The vulnerability CVE-2015-8629 affects MIT Kerberos 5 (krb5) kadmind: the xdr_nullstring function in kadm_rpc_xdr.c does not reliably verify presence of terminating '\0' in strings, allowing a remote authenticated user to trigger an out-of-bounds read that can disclose sensitive information or c...
CVE-2016-1961
CVE-2016-1961 is a use-after-free in Mozilla Firefox’s HTMLDocument::SetBody (dom/html/nsHTMLDocument.cpp) that could crash the browser and allow remote code execution. Affected products are Firefox before 45.0 and Firefox ESR 38.x before 38.7. The vulnerability stems from mishandling of the root...
CVE-2015-0239
CVE-2015-0239 affects the Linux kernel KVM emulation path (arch/x86/kvm/emulate.c). If a guest OS does not initialize SYSENTER MSRs, em_sysenter can trigger using a 16‑bit code segment to emulate SYSENTER, allowing a guest OS user to gain guest privileges or cause a guest crash. The vulnerability...
CVE-2016-5262
Mozilla Firefox prior to 48.0 and Firefox ESR 45.x prior to 45.3 are affected by an XSS flaw where event-handler attributes of a MARQUEE element inside a sandboxed iframe without sandbox="allow-scripts" are processed, enabling remote XSS via a crafted page. Affected product details and patch info...
CVE-2016-5263
CVE-2016-5263 affects Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3. The vulnerability arises from a type confusion in nsDisplayList::HitTest, which mishandles rendering display transformations and could allow a remote attacker to execute arbitrary code via a crafted website. Remed...
CVE-2015-4858
Technical details for CVE-2015-4858 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2016-1930
CVE-2016-1930 affects Mozilla Firefox browser engine (and ESR 38.x) prior to 44.0/38.6, with memory-safety flaws that could lead to denial of service or remote code execution via unspecified vectors. The issue is documented across multiple advisories; affected products include Firefox, Iceweasel/...
CVE-2015-4802
Technical details about CVE-2015-4802 are not publicly provided in the supplied documents. Monitor for updates from vendor advisories and security databases to obtain explicit affected versions, impact, and remediation.
CVE-2015-4836
CVE-2015-4836 is an unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allowing remote authenticated users to affect availability via unknown vectors related to Server : SP. Affected products/versions are Oracle MySQL Server 5.5.x (<=5.5.45) and 5.6.x (
CVE-2016-2792
CVE-2016-2792 affects Graphite2 (graphite2) in Graphite font rendering used by Firefox
CVE-2016-5386
Summary: CVE-2016-5386 is the httpoxy vulnerability in Go’s net/http CGI handling up to Go 1.6, where untrusted data in the HTTP_PROXY environment variable could redirect a CGI app’s outbound traffic to an attacker-controlled proxy via a crafted Proxy header. This is triggered by namespace confli...
CVE-2015-4815
CVE-2015-4815 affects Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, with remote authenticated access potentially impacting availability via DDL-related vectors. The F5 advisory notes multiple MySQL vulnerabilities across BIG-IP family, describing exposure when MySQL is provisione...
CVE-2016-0640
CVE-2016-0640 is an unspecified MySQL/MariaDB server vulnerability affecting DML operations with partial integrity/availability impact. Public notices in 2016 (Debian DSA-3595, CentOS/CentOS-announce, Red Hat advisories) show fixes across MariaDB/MySQL branches (e.g., MariaDB 10.0.x and MySQL 5.5...
CVE-2016-1964
CVE-2016-1964 is a use-after-free in Mozilla Firefox’s AtomicBaseIncDec during XML transformation handling. Affects Firefox before 45.0 and Firefox ESR 38.x before 38.7; impact includes remote code execution or heap-based denial of service when processing certain XML transformations. The issue ca...
CVE-2015-1779
CVE-2015-1779 affects QEMU with the VNC websocket frame decoder. The issue allows a remote attacker to cause a denial of service by sending oversized websocket payloads or HTTP headers, exhausting CPU and memory. Impact is observed when an attacker accesses a guest’s VNC console over the network....
CVE-2016-0505
CVE-2016-0505 is an unspecified vulnerability in Oracle MySQL Server and MariaDB that could allow a remote authenticated user to cause a denial of service via unknown vectors related to Options. Affected versions include MySQL 5.5.46 and earlier, 5.6.27 and earlier, 5.7.9 and MariaDB before 5.5.4...
CVE-2016-1962
CVE-2016-1962 is a use-after-free in Mozilla Firefox’s mozilla::DataChannelConnection::Close, enabling remote code execution via mishandled WebRTC data-channel connections. Affected: Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7. Consequence: potentially exploitable crash with arbi...
CVE-2016-1965
Mozilla Firefox prior to 45.0 and Firefox ESR before 38.7 are affected by CVE-2016-1965, an address bar spoofing flaw triggered by history.back and the Location protocol. The vulnerability allows a remote attacker to spoof the displayed URL when users navigate back to a previously loaded page, po...
CVE-2015-0275
CVE-2015-0275 affects the Linux kernel ext4 subsystem: the ext4_zero_range function in fs/ext4/extents.c allows local users to trigger a denial of service via a crafted fallocate zero-range request. The linked MiracleLinux/Unity Linux Nessus entries reproduce this: the vulnerability is described ...
CVE-2016-0650
CVE-2016-0650 is described in the connected documents as an unspecified vulnerability in Oracle MySQL Server related to the Server: Replication component that could allow a local/remote attacker to impact availability (DoS). The public details indicate the issue affects MySQL/MariaDB families acr...