461 matches found
CVE-2013-0754
CVE-2013-0754 is a use-after-free in the ListenerManager of Mozilla Firefox (and related Firefox ESR, Thunderbird, SeaMonkey). According to the description, triggering garbage collection after memory allocation for listener objects can allow a remote attacker to execute arbitrary code. Affected p...
CVE-2016-4956
ntpd (NTP 4.x) before 4.2.8p8 is vulnerable to DoS via a spoofed broadcast packet, triggering interleaved-mode transitions and time changes. This exists due to an incomplete fix for CVE-2016-1548. Exploitation can disrupt time synchronization, with public advisories linking the issue to broadcast...
CVE-2013-2555
CVE-2013-2555 : Integer overflow in Adobe Flash Player (Windows, macOS, Linux) and Adobe AIR prior to specific builds allows remote code execution via unspecified vectors; affected versions include Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows/Mac, before 10.3.183.75 and...
CVE-2014-3917
CVE-2014-3917 affects the Linux kernel up to 3.14.5, specifically kernel/auditsc.c when CONFIG_AUDITSYSCALL is enabled with certain syscall rules. Local users can obtain sensitive single-bit values from kernel memory or trigger a denial of service (OOPS) by using a large syscall number. Exploitat...
CVE-2014-9585
CVE-2014-9585 affects Linux kernels up to 3.18.2. The vdso_addr code in arch/x86/vdso/vma.c can misselect vDSO memory, enabling local users to bypass ASLR by guessing a PMD-end location. Exploitation details and patches/fixes are not provided in the connected documents; monitor advisories for rem...
CVE-2013-0648
Adobe Flash Player contains a code execution vulnerability in the ExternalInterface ActionScript pathway. Affected versions include Windows/Mac builds prior to 10.3.183.67 and 11.x prior to 11.6.602.171, and Linux builds prior to 10.3.183.67 and 11.x prior to 11.2.202.273. Exploitation could occu...
CVE-2012-2035
The CVE-2012-2035 entry concerns a stack-based buffer overflow in Adobe Flash Player (Windows/macOS/Linux) and Adobe AIR that enables arbitrary code execution via unspecified vectors. Connected advisories (OpenVAS/Nessus entries and vendor bulletins) corroborate that multiple Flash Player vulnera...
CVE-2015-2738
CVE-2015-2738 affects Mozilla Firefox (before 39.0; ESR 31.x before 31.8 and 38.x before 38.1) and Thunderbird (before 38.1). The issue is a read from uninitialized memory in YCbCrImageDataDeserializer::ToDataSourceSurface, with unspecified impact and attack vectors. No remediation details are pr...
CVE-2016-5244
CVE-2016-5244 affects the Linux kernel and involves the function rds_inc_info_copy in net/rds/recv.c not initializing a structure member. This can enable a remote attacker to read sensitive information from kernel stack memory by processing an RDS message, with impact described as kernel informat...
CVE-2013-0750
CVE-2013-0750 is a high-severity vulnerability in Mozilla’s JavaScript engine where an integer overflow during string concatenation can lead to heap-based memory corruption and remote code execution. Affected products include Firefox prior to 18.0 (and ESR branches), Thunderbird prior to 17.0.2, ...
CVE-2010-4180
OpenSSL vulnerability CVE-2010-4180 affects OpenSSL versions before 0.9.8q and 1.0.x before 1.0.0c when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. The flaw allows remote attackers to modify the ciphersuite in the session cache, enabling a downgrade to an unintended cipher by sniffing net...
CVE-2015-2573
CVE-2015-2573 is an unspecified vulnerability in Oracle MySQL Server (affecting 5.5.41 and earlier; 5.6.22 and earlier) that could allow remote authenticated users to affect availability via DDL-related vectors. The connected documents confirm this CVE appears in multiple security advisories acro...
CVE-2012-2039
CVE-2012-2039 affects Adobe Flash Player prior to 10.3.183.20 and 11.x prior to 11.3.300.257 on Windows/Mac; prior to 10.3.183.20 and 11.x prior to 11.2.202.236 on Linux; prior to 11.1.111.10 on Android 2.x/3.x; prior to 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610. The vulnerabilit...
CVE-2013-0757
CVE-2013-0757 affects Mozilla Firefox (and related Mozilla-based apps) via a Chrome Object Wrapper (COW) bypass that allows changing the prototype of an object, enabling arbitrary code execution with chrome privileges. The SUSE/openSUSE and Gentoo/Nessus summaries map this to MFSA 2013-14 and lis...
CVE-2015-0433
The CVE-2015-0433 entry concerns an unspecified vulnerability in Oracle MySQL Server (affected versions: 5.5.41 and earlier; 5.6.22 and earlier) that could allow remote authenticated users to affect availability via InnoDB : DML. Connected advisories from Debian, CentOS, Gentoo, and IBM/Tivoli sh...
CVE-2015-2568
CVE-2015-2568 affects Oracle MySQL Server 5.5.41 and earlier and 5.6.22 and earlier. The vulnerability is described as unspecified with impact to availability, due to issues in the Server : Security : Privileges area. The provided sources indicate a remote attacker could cause a denial of service...
CVE-2012-1970
CVE-2012-1970 affects Mozilla Firefox before 15.0, Thunderbird before 15.0, ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The issue stems from multiple unspecified vulnerabilities in the browser engine that can allow remote attackers to cause memory corruption and application crashes or pote...
CVE-2016-4955
CVE-2016-4955 affects ntpd (NTP 4.x) prior to 4.2.8p8. When autokey is enabled, a remote attacker can cause a denial of service by sending a spoofed CRYPTO_NAK packet or a packet with an incorrect MAC at a specific time, which can trigger autokey association reset. Cloud/OS advisories confirm thi...
CVE-2014-9761
The CVE-2014-9761 issue affects the GNU C Library (glibc) prior to 2.23. It involves stack-based buffer overflows in the nan, nanf, and nanl functions caused by long arguments, which could lead to denial of service or potentially arbitrary code execution. Mitigation in the provided documents reco...
CVE-2013-0748
CVE-2013-0748 affects Mozilla Firefox (before 18.0 and ESR 10.x before 10.0.12, and 17.x before 17.0.2), Thunderbird (before 17.0.2, ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The flaw is in XBL.proto .toString, where calling toString on an XBL object can leak a...
CVE-2012-1976
CVE-2012-1976 refers to a Use-after-free in Mozilla Firefox’s nsHTMLSelectElement::SubmitNamesValues. Affected products include Firefox before 15.0, Firefox ESR before 10.0.7 (10.x), Thunderbird before 15.0, Thunderbird ESR before 10.0.7, and SeaMonkey before 2.12. Impact per the description is r...
CVE-2012-3990
CVE-2012-3990 is a use-after-free vulnerability in the IME State Manager implementation of Mozilla Firefox and related Mozilla products. Affected versions include Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before...
CVE-2013-0800
CVE-2013-0800 : An integer signedness error in the pixman_fill_sse2 function (pixman-sse2.c) used by Cairo and shipped with Mozilla Firefox and related products allows a remote attacker to trigger an out-of-bounds write via crafted values (negative box boundary or negative box size). This affects...
CVE-2014-8160
CVE-2014-8160 : In the Linux kernel, net/netfilter/nf_conntrack_proto_generic.c before 3.18 generates incorrect conntrack entries when handling certain iptables rule sets for SCTP, DCCP, GRE, and UDP-Lite. This can allow remote attackers to bypass intended access restrictions by sending packets w...
CVE-2015-2575
CVE-2015-2575 is described in connected docs as an unspecified vulnerability in Oracle MySQL Connector/J (MySQL Connectors component) affecting MySQL 5.1.34 and earlier, allowing remote authenticated users to affect confidentiality and integrity via unknown vectors. The connected materials do not...
CVE-2015-3209
CVE-2015-3209 : Heap-based buffer overflow in the QEMU PCNET network device allows remote code execution via crafted packet sequences (TXSTATUS_STARTPACKET then TXSTATUS_DEVICEOWNS). This is a QEMU vulnerability discussed in multiple advisories (notably Arista/Security Advisory 0013 and F5/Multi-...
CVE-2018-19543
CVE-2018-19543 affects JasPer 2.0.14. The issue is a heap-based buffer over-read of size 8 in jp2_decode (libjasper/jp2/jp2_dec.c). Exploitation details, impact, affected platforms, and fixes are not provided beyond this description in the initial document. References to Jasper-related advisories...
CVE-2010-2753
CVE-2010-2753 affects Mozilla Firefox (3.5.x before 3.5.11; 3.6.x before 3.6.7), Thunderbird (3.0.x before 3.0.6; 3.1.x before 3.1.1), and SeaMonkey before 2.0.6. Root cause: integer overflow in the XUL tree selection attribute can trigger a use-after-free when handling a large selection in a XUL...
CVE-2014-4258
CVE-2014-4258 affects the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier, enabling remote authenticated users to impact confidentiality, integrity, and availability via SRINFOSC. Contained in multiple advisories; mitigations include upgrading MariaDB/Mysql-relate...
CVE-2012-1972
CVE-2012-1972 is a use-after-free in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox, with remote code execution/denial of service via heap memory corruption. Affected products/versions include Firefox prior to 15.0, Firefox ESR 10.x prior to 10.0.7, and Thunderbird prior ...
CVE-2013-0744
CVE-2013-0744 is a use-after-free in the TableBackgroundPainter::TableBackgroundData::Destroy function of Mozilla Firefox prior to 18.0 (and Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2), Thunderbird prior to 17.0.2/ESR 10.x before 10.0.12/17.x before 17.0.2, and SeaMonkey prior to 2.15...
CVE-2014-1737
CVE-2014-1737 affects the Linux kernel (through 3.14.3) and its floppy driver (drivers/block/floppy.c). The flaw is in raw_cmd_copyin not handling error conditions during processing of an FDRAWCMD ioctl, enabling local users with write access to /dev/fd to trigger kfree and potentially gain privi...
CVE-2016-0642
CVE-2016-0642 affects Oracle MySQL Server releases prior to 5.5.49/5.6.30/5.7.x (as cited in multiple advisories). Description: an unspecified vulnerability in the Federated component may lead to integrity and availability impact for local users. Connected sources confirm affected versions (5.5.4...
CVE-2010-0395
CVE-2010-0395 affects OpenOffice.org 2.x/3.0 up to 3.2.0.x; a crafted OpenDocument Text file can bypass Python macro security restrictions and cause remote code execution by a user-assisted action when the macro directory is previewed. The underlying issue is insufficient enforcement of Python ma...
CVE-2014-5077
CVE-2014-5077 affects the Linux kernel’s SCTP code: the function sctp_assoc_update in net/sctp/associola.c (affected in kernel builds up to 3.15.8) can be triggered when SCTP authentication is enabled. An attacker can cause a denial of service via a NULL pointer dereference and kernel OOPS by ini...
CVE-2016-2782
CVE-2016-2782 : In the Linux kernel, the treo_attach function in drivers/usb/serial/visor.c (pre-4.5) can be exploited by a physically proximate attacker who inserts a USB device missing a bulk-in or interrupt-in endpoint, causing a NULL pointer dereference and kernel crash (DoS) or possibly othe...
CVE-2010-3876
CVE-2010-3876 affects the Linux kernel: the code path net/packet/af_packet.c in kernel versions before 2.6.37-rc2 does not properly initialize certain structure members, allowing local users with CAP_NET_RAW to read copies of the applicable structures from kernel stack memory. Publicly document d...
CVE-2010-4158
The CVE-2010-4158 issue affects the Linux kernel (pre-2.6.36.2) where sk_run_filter in net/core/filter.c may execute BPF_S_LD_MEM or BPF_S_LDX_MEM before a memory location is initialized. This can allow local users to read potentially sensitive kernel stack memory via a crafted socket filter. The...
CVE-2015-4830
CVE-2015-4830 corresponds to an unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier. The description states remote authenticated users can affect integrity via unknown vectors related to Server:Security:Privileges. Connected documents (F5/K59010802 advisory,...
CVE-2016-9398
CVE-2016-9398 affects JasPer: the jpc_floorlog2 function in jpc_math.c is vulnerable in versions before 1.900.17, allowing remote attackers to trigger a denial of service (assertion failure) via unspecified vectors. Connected documents confirm the affected component and impact; no remediation det...
CVE-2012-4194
The CVE-2012-4194 issue affects Mozilla Firefox and related Mozilla components where the valueOf shadowing of the location object (window.location) enables cross-site scripting via plugin vectors. Affected software and versions (stated in the provided sources) include: Mozilla Firefox before 16.0...
CVE-2015-0441
CVE-2015-0441 is an unspecified remote-authenticated vulnerability in Oracle MySQL Server 5.5.x (and earlier) affecting availability via unknown vectors in Server: Security: Encryption. Connected advisories confirm this CVE appears in multiple upstream/security notices and requires upgrading MySQ...
CVE-2013-0746
CVE-2013-0746 affects Mozilla products including Firefox (before 18.0), Firefox ESR (before 10.0.12 and 17.x before 17.0.2), Thunderbird (before 17.0.2, and ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The issue is a quickstubs/jsval return-value handling flaw tha...
CVE-2015-0501
CVE-2015-0501 is a MySQL Server vulnerability affecting 5.5.42 and earlier and 5.6.23 and earlier, where an unspecified issue in Server: Compiling could allow a remote authenticated user to disrupt availability. The connected documents confirm that exploitation details are not provided, and the a...
CVE-2015-8779
CVE-2015-8779 affects the GNU C Library (glibc). The vulnerability is a stack-based buffer overflow in the catopen() function when handling long catalog names, which can cause an application crash (DoS) or potentially allow arbitrary code execution. Affected products include glibc releases prior ...
CVE-2012-3960
CVE-2012-3960 is a use-after-free in mozSpellChecker::SetCurrentDictionary that affects Mozilla Firefox <15.0, Firefox ESR <10.0.7, Thunderbird <15.0 / ESR, and SeaMonkey
CVE-2010-4073
CVE-2010-4073 affects the Linux kernel IPC compatibility code: before 2.6.37-rc1, several compat syscall handlers (ipc/compat.c and ipc/compat_mq.c) fail to initialize certain structures, enabling local attackers to read potentially sensitive kernel stack memory via vectors in compat_sys_semctl, ...
CVE-2012-3972
CVE-2012-3972 affects the XSLT format-number functionality in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The vulnerability allows remote attackers to obtain sensitive information via unspecif...
CVE-2017-5898
CVE-2017-5898 affects Quick Emulator (QEMU) when built with CCID Card device emulator support. The vulnerability is an integer overflow in the emulated_apdu_from_guest function (usb/dev-smartcard-reader.c) that allows a local user to crash the QEMU host process by sending a large APDU unit, causi...
CVE-2012-0442
CVE-2012-0442 covers multiple memory-safety vulnerabilities in the Mozilla browser engine affecting Firefox before 3.6.26 and 4.x–9.0, Thunderbird before 3.1.18 and 5.0–9.0, and SeaMonkey before 2.7. The issues can cause memory corruption, application crashes, or potentially remote code execution...