461 matches found
CVE-2010-4163
The CVE-2010-4163 issue affects the Linux kernel, where blk_rq_map_user_iov in block/blk-map.c is vulnerable before version 2.6.36.2. A local attacker can trigger a denial of service (kernel panic) by submitting a zero-length I/O request via a device ioctl to a SCSI device. The description explic...
CVE-2012-4201
CVE-2012-4201 is a concrete Firefox/XULRunner/Thunderbird/SeaMonkey vulnerability: the evalInSandbox path mishandles the context when processing JavaScript that sets location.href, enabling remote XSS or read access to arbitrary files via a sandboxed add-on. Affected software includes Mozilla Fir...
CVE-2012-5842
CVE-2012-5842 is a Mozilla Firefox browser engine vulnerability described as multiple unspecified vulnerabilities that can cause memory corruption leading to a crash or possibly remote code execution. Affected products/versions per description: Mozilla Firefox before 17.0, Firefox ESR 10.x before...
CVE-2014-1483
Technical details for CVE-2014-1483 are not publicly provided in the connected documents; sources reference the CVE but do not disclose affected products, versions, root cause, impact, or fixes. Monitor for updates.
CVE-2014-3467
GNUTLS/library libtasn1 vulnerability CVE-2014-3467 is due to multiple issues in the DER decoder of GNU Libtasn1 up to version 3.5.x (pre-3.6), exploited by crafted ASN.1 data to cause a denial of service via out-of-bounds read. The issue is confirmed in multiple advisories (F5 SOL15423, ALAS-201...
CVE-2014-6520
CVE-2014-6520 affects Oracle MySQL Server 5.5.38 and earlier. The vulnerability is described as unspecified and allows remote authenticated users to affect availability via vectors related to SERVER:DDL; impact is noted as partial availability. Connected sources list this CVE among MariaDB/MySQL-...
CVE-2014-6530
CVE-2014-6530 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier via CLIENT:MYSQLDUMP. Connected advisories reference CVE-2014-6530 and indicate remediation through upgrading MariaDB/MySQL components to fixed versions (e.g., MariaDB/MariaDB-Galera updates to 5.5.40 per RHSA adv...
CVE-2015-0382
CVE-2015-0382 is a remote-availability vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier, related to Server: Replication, separate from CVE-2015-0381. The connected advisories show multiple vendors/types referencing MySQL/MariaDB vulnerabilities with potential DoS or ...
CVE-2015-8551
CVE-2015-8551 affects the Xen PCI backend driver (pciback) when Xen runs on x86 with a Linux 3.1.x–4.3.x driver domain. The issue arises from missing sanity checks in XEN_PCI_OP_* operations, allowing a local guest administrator with access to a passed-through MSI/MSI-X PCI device to trigger BUG ...
CVE-2017-16232
CVE-2017-16232 affects LibTIFF 4.0.8, which is reported to have multiple memory‑leak vulnerabilities that can lead to memory exhaustion/DoS. The initial entry notes third parties could not reproduce the issue. Connected advisories reference LibTIFF-related CVEs and indicate that fixes exist in la...
CVE-2009-1072
CVE-2009-1072 affects the Linux kernel prior to 2.6.28.9. nfsd in the kernel does not drop the CAP_MKNOD capability before handling a user request in a thread, enabling local users on an exported filesystem using root_squash to create device nodes. MiracleLinux 3 lists this as fixed in kernel-2.6...
CVE-2010-2962
The CVE-2010-2962 issue affects the Intel i915 DRM GEM in the Linux kernel prior to 2.6.36. It arises from insufficient validation of pointers to memory blocks in i915_gem.c, enabling local users to write to kernel memory via crafted ioctl usage (pwrite/pread) and potentially gain privileges.
CVE-2012-3967
CVE-2012-3967 is a Firefox/WebGL vulnerability on Linux where the WebGL implementation fails to interact correctly with Mesa drivers when a large number of sampler uniforms are used. This can let remote attackers execute arbitrary code or cause a denial of service (stack memory corruption) via a ...
CVE-2012-5836
CVE-2012-5836 affects Mozilla Firefox (before 17.0), Mozilla Thunderbird (before 17.0), and SeaMonkey (before 2.14). The issue can allow remote code execution or an application crash when CSS properties are combined with SVG text, due to the root cause described by MFSA 2012-94. Public advisories...
CVE-2017-13084
CVE-2017-13084 describes a vulnerability in WPA/WPA2 where the Station-To-Station-Link (STK) key can be reinstalled during the PeerKey handshake. An attacker within wireless range may replay, decrypt, or spoof frames by exploiting STSL STK reinstallation. Public sources confirm this as part of th...
CVE-2010-3296
CVE-2010-3296 affects the Linux kernel driver cxgb3 (cxgb_extension_ioctl in drivers/net/cxgb3/cxgb3_main.c). The advisory states that the code path in kernels up to 2.6.36-rc5 does not properly initialize a structure member, allowing a local user to potentially read sensitive data from kernel st...
CVE-2010-3442
Technical details for CVE-2010-3442 are not publicly provided in the connected documents. The sources reference the CVE and affected kernel versions but do not describe exploitability, impact specifics, or fixes. Monitor for vendor advisories and updates.
CVE-2012-3992
CVE-2012-3992 affects Mozilla Firefox (and related Firefox-based apps) where history data is not properly handled. The flaw lets remote attackers perform cross-site scripting (XSS) or obtain sensitive POST content via a location.hash write operation combined with history navigation that loads a U...
CVE-2013-0747
Technical details for CVE-2013-0747 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2013-3802
CVE-2013-3802 affects Oracle MySQL server up to specific versions: 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier. The vulnerability is described as unspecified and allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Connected ...
CVE-2012-3994
Mode C: CVE-2012-3994 affects Mozilla Firefox family and related Mozilla components (e.g., Firefox, Firefox ESR, Thunderbird, SeaMonkey). Root cause: use of Object.defineProperty to shadow the top object and interaction with top.location, enabling remote XSS via a binary plugin. Affected versions...
CVE-2013-0752
Technical details for CVE-2013-0752 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2010-4164
CVE-2010-4164 affects the Linux kernel prior to 2.6.36.2, where multiple integer underflows occur in the x25_parse_facilities function (net/x25/x25_facilities.c). This can allow a remote attacker to cause a denial of service (system crash) via malformed X.25 facility data (X25_FAC_CLASS_A/B/C/D)....
CVE-2014-6494
CVE-2014-6494 is an unspecified vulnerability in Oracle MySQL Server (affected: 5.5.39 and earlier; 5.6.20 and earlier) that can allow remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL. The IBM advisory lists the CVE among several issues affecting MySQL Server compon...
CVE-2015-0381
Technical details for CVE-2015-0381 are not publicly available in the provided documents. No specific affected products, versions, root cause, impact, or fixes are described here; monitor for updates.
CVE-2015-0797
CVE-2015-0797 affects GStreamer up to 1.4.4 (GStreamer 1.4.x) when used by Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux. The flaw is a buffer over-read in H.264 video data processing in the GStreamer pipeline (m4v files) that can cause a denial o...
CVE-2015-6855
CVE-2015-6855 affects QEMU, where hw/ide/core.c does not properly restrict ATAPI device commands. The flaw allows a guest user to cause a denial of service (and potentially other impact) by issuing certain IDE commands, demonstrated by a WIN_READ_NATIVE_MAX to an empty drive that triggers a divid...
CVE-2015-8567
CVE-2015-8567 describes a memory leak in the QEMU vmxnet3 device emulator (net/vmxnet3.c) that could allow a remote attacker to cause a denial of service via memory exhaustion. The vulnerability is part of multiple CVEs in QEMU; Debian security advisories report fixes in stable Jessie to version ...
CVE-2010-3848
CVE-2010-3848 is a Linux kernel vulnerability: a stack-based buffer overflow in econet_sendmsg (net/econet/af_econet.c) when Econet is configured, caused by handling a large number of iovec structures. This allows local privilege escalation. The flaw affects Linux kernels before 2.6.36.2 and is a...
CVE-2010-4072
CVE-2010-4072 affects the Linux kernel: the copy_shmid_to_user function in ipc/shm.c (pre-2.6.37-rc1) does not initialize a certain structure, enabling local users to leak potentially sensitive information from kernel stack memory via the shmctl interface and the old shm interface. Affected produ...
CVE-2010-4157
CVE-2010-4157 involves an integer overflow in the Linux kernel’s GDTH SCSI driver (gdth_ioctl_alloc/ioc_general) on 64-bit platforms. A 32/64-bit mismatch when handling a large argument in an ioctl can cause memory corruption, enabling a local user to trigger a denial of service (and potentially ...
CVE-2012-4213
The CVE-2012-4213 issue is a concrete use-after-free vulnerability in Mozilla codepath: nsEditor::FindNextLeafNode affects Firefox and related products. Affected components per the initial description are Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14, with remote...
CVE-2012-5841
CVE-2012-5841 affects Mozilla Firefox (before 17.0), Firefox ESR (10.x before 10.0.11), Thunderbird (before 17.0), Thunderbird ESR (before 10.0.11) and SeaMonkey (before 2.14). The issue arises from cross-origin wrappers with a filtering behavior that fails to restrict write actions, enabling rem...
CVE-2013-0756
CVE-2013-0756 corresponds to a use-after-free in Mozilla Firefox’s obj_toSource path that can be triggered by a crafted web page referencing JavaScript Proxy objects, allowing remote code execution via standard web-visit attack vectors. Affected products include Firefox (pre-18.0), Firefox ESR 17...
CVE-2013-3812
CVE-2013-3812 affects Oracle MySQL Server prior to 5.5.31 and 5.6.11, where an unspecified vulnerability in Server Replication allows remote authenticated users to affect availability via unknown vectors. The information explicitly cites availability impact (PARTIAL) but vectors and root cause ar...
CVE-2013-5614
Affected software: Mozilla Firefox <= 25.x/26.0 and SeaMonkey
CVE-2014-1502
CVE-2014-1502 affects Mozilla Firefox (pre-28.0) and SeaMonkey (pre-2.25). The vulnerability arises in WebGL functions WebGL.compressedTexImage2D and WebGL.compressedTexSubImage2D, enabling remote attackers to bypass Same Origin Policy and render content from a different domain via unspecified ve...
CVE-2014-6464
CVE-2014-6464 is an unspecified vulnerability in Oracle MySQL Server affecting 5.5.39 and earlier and 5.6.20 and earlier, allowing remote authenticated users to affect availability via SERVER:INNODB DML FOREIGN KEYS. The CVSS Base Score is 4.0 (MEDIUM). Affected advisories and vendors indicate re...
CVE-2014-6496
CVE-2014-6496 affects Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier, via CLIENT:SSL:yaSSL, causing availability issues (remote, unauthenticated). Affects MySQL Server component CLIENT:SSL:yaSSL; root cause is unspecified in the provided text. Public details across connected source...
CVE-2014-6555
CVE-2014-6555 is a MySQL Server vulnerability (affecting 5.5.39 and earlier and 5.6.20 and earlier) that allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. The connected sources identify a package-wide remediation: upgrade t...
CVE-2010-4083
CVE-2010-4083 affects the Linux kernel (pre-2.6.36). The vulnerable code path is copy_semid_to_user() in ipc/sem.c, where a structure is not initialized, enabling local attackers to leak kernel stack memory via semctl commands (IPC_INFO, SEM_INFO, IPC_STAT, SEM_STAT). The issue is mitigated by up...
CVE-2014-4243
CVE-2014-4243 affects the MySQL Server component (Oracle MySQL) prior to 5.5.35 and 5.6.15. The vulnerability could allow remote authenticated users to affect availability via ENFED-related vectors. Open-source/integrated advisories reference MariaDB/RHEL/SUSE mitigations; remediation in these co...
CVE-2014-6505
CVE-2014-6505 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier, via a vulnerability in the SERVER:MEMORY STORAGE ENGINE that can impact availability when exploited by remote authenticated users. Public advisories (RHSA-2014-1940/1862 and related Red Hat notes) indicate fixes ...
CVE-2015-0432
CVE-2015-0432 is listed against Oracle/MySQL/MariaDB 5.5.x in multiple advisories. Public details in connected docs show fixes in 5.5.41 (RHSA-2015:0117) and 5.5.45 (ELSA-2015-1628/CentOS-CE), indicating a vulnerability affecting MySQL/MariaDB server components related to InnoDB/DDL-Foreign Key; ...
CVE-2010-3849
CVE-2010-3849 affects the Linux kernel’s econet_sendmsg path (net/econet/af_econet.c) prior to 2.6.36.2, when an Econet address is configured. A local user can trigger a denial of service by issuing a sendmsg with a NULL remote address, causing a NULL pointer dereference and OOPS. The correspondi...
CVE-2014-1480
Technical details about CVE-2014-1480 are not publicly provided in the connected documents. The available description notes a clickjacking/ unintended file launch issue in Firefox/SeaMonkey, but specifics (affected versions, root cause, exploitability, and fixes) are not included.
CVE-2014-4207
CVE-2014-4207 is described as an unspecified vulnerability in the MySQL Server component affecting Oracle MySQL 5.5.37 and earlier, enabling remote authenticated users to impact availability via the SROPTZR vector. Connected sources map the issue to MariaDB/MariaDB Galera contexts as well, with r...
CVE-2015-2697
CVE-2015-2697 affects MIT Kerberos 5 (krb5) prior to 1.14. The issue is triggered via a remote authenticated TGS request where the realm field starts with a null byte, enabling an out-of-bounds condition that can crash the KDC (denial of service). The connected document confirms the vulnerability...
CVE-2010-2959
The CVE-2010-2959 issue affects the Linux kernel CAN subsystem, specifically the can/bcm.c implementation, due to an integer overflow vulnerability. This flaw can allow local attackers to execute arbitrary code or cause a system crash (DoS) via crafted CAN traffic. Public advisories confirm vulne...
CVE-2012-1097
CVE-2012-1097 affects the Linux kernel before 3.2.10, where the regset (register set) path mishandles absence of .get/.set methods. This can allow a local attacker to trigger a NULL pointer dereference via PTRACE_GETREGSET or PTRACE_SETREGSET, possibly causing denial of service or other impact. R...