461 matches found
CVE-2012-3984
CVE-2012-3984 affects Mozilla Firefox (<16.0), Mozilla Thunderbird (<16.0), and SeaMonkey (
CVE-2012-3995
CVE-2012-3995 affects Mozilla Firefox and related Mozilla applications. The vulnerability arises from the IsCSSWordSpacingSpace function in Firefox (and Firefox ESR 10.x, Thunderbird, SeaMonkey as listed) where an out-of-bounds read could be exploited to run arbitrary code or trigger a denial-of-...
CVE-2013-5619
CVE-2013-5619 describes a vulnerability in Mozilla’s SpiderMonkey JavaScript engine where the binary-search implementation could overflow, potentially enabling a remote attacker to cause a denial of service via crafted JavaScript. The initial Mozilla/OpenSUSE/IBM advisories confirm this is a Java...
CVE-2013-6672
CVE-2013-6672: Firefox (Linux) and SeaMonkey are affected by a Linux clipboard information disclosure via middle-click paste. The initial entry specifies Firefox < 26.0 and SeaMonkey
CVE-2009-3612
CVE-2009-3612 affects the Linux kernel’s net/sched/cls_api.c tcf_fill_node in the netlink subsystem. The issue is that a tcm__pad2 structure member is not initialized, potentially allowing local attackers to read sensitive kernel memory. Affected: kernel 2.6.x prior to 2.6.32-rc5 and 2.4.37.6 and...
CVE-2012-1938
CVE-2012-1938 affects Mozilla's browser engine and is described in the MiracleLinux AXSA:2012-857 advisory as multiple vulnerabilities in Firefox (and related components) that could allow memory corruption and remote code execution. Specifically, it impacts Mozilla Firefox before 13.0, Thunderbir...
CVE-2012-3976
CVE-2012-3976 affects Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The issue arises from improper handling of onLocationChange events when navigating between https sites, allowing remote attackers to spoof the X.509 certificate information in the address...
CVE-2012-3988
CVE-2012-3988 is a use-after-free vulnerability in Mozilla Firefox (pre-16.0), Firefox ESR (pre-10.0.8), Thunderbird (pre-16.0), Thunderbird ESR (pre-10.0.8), and SeaMonkey (pre-2.13). It can be triggered via mozRequestFullScreen with full-screen mode and navigation via history.back, potentially ...
CVE-2013-0762
CVE-2013-0762 is a use-after-free in imgRequest::OnStopFrame affecting Mozilla Firefox prior to 18.0 (and ESR 10.x before 10.0.12, ESR 17.x before 17.0.1), Thunderbird prior to 17.0.2, and SeaMonkey prior to 2.15. It can allow remote code execution or a denial of service via heap memory corruptio...
CVE-2014-1504
CVE-2014-1504 affects Mozilla Firefox (pre-28.0) and SeaMonkey (pre-2.25). The session-restore feature does not honor the CSP of data: URLs, enabling remote XSS via a crafted document opened after a browser restart. The impact stated is cross-site scripting with partial integrity/complete confide...
CVE-2014-4287
CVE-2014-4287 describes an unspecified vulnerability in Oracle MySQL Server, affecting versions 5.5.38 and earlier and 5.6.19 and earlier, that allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS. The description indicates the issue is focused on ...
CVE-2010-3437
The vulnerability CVE-2010-3437 affects the Linux kernel (before 2.6.36-rc6) in pkt_find_dev_from_minor within drivers/block/pktcdvd.c. A crafted index value passed via PKT_CTRL_CMD_STATUS ioctl can cause a signedness error, enabling local attackers to read kernel memory or trigger a crash (DoS)....
CVE-2013-3301
CVE-2013-3301 affects the Linux kernel ftrace implementation up to version before 3.8.8. Local users with CAP_SYS_ADMIN can write to either set_ftrace_pid or set_graph_function and trigger an lseek, leading to a NULL pointer dereference and possible system crash or other impact. Multiple connecte...
CVE-2013-3783
CVE-2013-3783 affects the MySQL Server component in Oracle MySQL 5.5.31 and earlier. The vulnerability is described as unspecified and allows remote authenticated users to affect availability via unknown vectors related to the Server Parser. Connected sources reference this CVE within broader Ora...
CVE-2013-6673
Technical details about CVE-2013-6673 are not publicly available in the provided connected documents; monitor for updates.
CVE-2014-7815
CVE-2014-7815 affects the QEMU component: the function set_pixel_format in ui/vnc.c can be triggered remotely to crash the QEMU process (DoS) by sending a small value for bytes_per_pixel. The vulnerability is explicitly documented in multiple advisories and patches were issued in openSUSE/SUSE se...
CVE-2012-3989
CVE-2012-3989 affects Mozilla Firefox (and related Mozilla products) prior to version 16.0, Thunderbird prior to 16.0, and SeaMonkey prior to 2.13. The vulnerability is a crash caused by an invalid cast when using the instanceof operator on certain JavaScript objects, which could allow remote att...
CVE-2014-1485
CVE-2014-1485 affects Mozilla Firefox (prior to 27.0) and SeaMonkey (prior to 2.24). The CSP implementation in these browsers evaluates style-src directives for XSLT processing rather than script-src, potentially allowing remote attackers to execute arbitrary XSLT code through insufficient style-...
CVE-2014-1498
CVE-2014-1498 : The vulnerability affects Mozilla Firefox before 28.0 and SeaMonkey before 2.25, where crypto.generateCRMFRequest fails to validate a specific key type. This can cause remote crashes/DoS via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algo...
CVE-2014-1500
CVE-2014-1500 affects Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25. The issue allows remote attackers to cause resource exhaustion and application hang via onbeforeunload events that trigger background JavaScript execution. Exploitation details are not provided in the available docum...
CVE-2007-6206
CVE-2007-6206 affects the Linux kernel (2.4.x and 2.6.x up to 2.6.24-rc3). The issue lies in the do_coredump function in fs/exec.c, where the core dump file’s UID is not changed if a core dump already exists in the same location when a root-owned process dumps a core. This behavior could allow a ...
CVE-2009-0834
The CVE-2009-0834 issue affects the Linux kernel up to 2.6.28.7 on x86_64, where audit_syscall_entry mishandles 32-bit processes making 64-bit syscalls or 64-bit processes making 32-bit syscalls. This can allow local users to bypass certain syscall audit configurations, and is related to CVE-2009...
CVE-2009-2910
CVE-2009-2910 affects the Linux kernel’s ia32 entry path on x86_64. The issue is that arch/x86/ia32/ia32entry.S does not clear certain kernel registers before returning to user mode, which allows a local attacker to read register values from an earlier process after switching an ia32 process into...
CVE-2010-4160
The CVE-2010-4160 issue is present in the Linux kernel before 2.6.36.2, involving multiple integer overflows in the PPPoL2TP and IPoL2TP sendmsg paths (pppol2tp_sendmsg and l2tp_ip_sendmsg). The vulnerability can allow local users to trigger a denial of service through heap memory corruption and ...
CVE-2013-0767
CVE-2013-0767 affects Mozilla Firefox (and related Mozilla components) with the nsSVGPathElement::GetPathLengthScale path handling. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via an out-of-bounds read, reported for Firefox before 18.0, ESR 10....
CVE-2013-3804
CVE-2013-3804 affects Oracle MySQL Server prior to specific versions (5.1.69 and earlier, 5.5.31 and earlier, 5.6.11 and earlier). The issue is described as an unspecified vulnerability in the Server Optimizer that remote authenticated users can exploit to affect availability via unknown vectors....
CVE-2014-6463
CVE-2014-6463 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier; impact is availability via SERVER:REPLICATION ROW FORMAT BINARY LOG DML when an authenticated remote user runs DML. Red Hat advisories RHSA-2014-1940 and related RHSA entries indicate that MariaDB/MariaDB-Galera ...
CVE-2009-3620
CVE-2009-3620 affects the ATI Rage 128 (r128) driver in the Linux kernel, where the driver fails to properly verify Concurrent Command Engine (CCE) state initialization. This local vulnerability can cause a NULL pointer dereference and system crash (DoS) and may allow privilege escalation via uns...
CVE-2010-1437
CVE-2010-1437 is a race condition in the Linux kernel’s keyring handling (find_keyring_by_name in security/keys/keyring.c) affecting version 2.6.34-rc5 and earlier. A local user can exploit this via keyctl session commands that access a dead keyring being deleted by key_cleanup, leading to memory...
CVE-2010-3080
CVE-2010-3080 is a double-free vulnerability in the Linux kernel’s snd_seq_oss_open() (sound/core/seq/oss/seq_oss_init.c) affecting kernels before 2.6.36-rc4. An unsuccessful open of /dev/sequencer could trigger kernel memory corruption, leading to local denial of service and potentially other im...
CVE-2010-4080
CVE-2010-4080 affects the Linux kernel: snd_hdsp_hwdep_ioctl in sound/pci/rme9652/hdsp.c does not initialize a structure, enabling local attackers to leak kernel stack information via SNDRV_HDSP_IOCTL_GET_CONFIG_INFO. Affected products/versions: Linux kernel before 2.6.36-rc6. Impact is an inform...
CVE-2010-4165
CVE-2010-4165 affects the Linux kernel prior to 2.6.37-rc2. The do_tcp_setsockopt function does not properly constrain TCP_MAXSEG (MSS) values, allowing a local user to trigger a denial of service via a setsockopt with a small value, leading to a divide-by-zero or signed-integer misuse. Evidence ...
CVE-2013-0766
CVE-2013-0766 is a use-after-free in the ~nsHTMLEditRules implementation affecting Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15. The vulnerabili...
CVE-2013-3808
CVE-2013-3808 affects Oracle MySQL Server up to certain older releases: 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier. The vulnerability is described as unspecified and remote-authenticated, impacting availability via unknown vectors related to Server Options. No exploitation det...
CVE-2013-5611
CVE-2013-5611 refers to Mozilla Firefox (pre-26.0) where an App Installation doorhanger isn’t properly removed, enabling a remote attacker to spoof a Web App installation site by timing page navigation. Connected sources confirm affected products and fixes: IBM/SONAS and IBM Storwize advisories l...
CVE-2014-6484
CVE-2014-6484 is listed as an unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, with remote authenticated users able to affect availability via SERVER:DML. Connected Red Hat advisories (RHSA-2014-1940 and RHSA-2014-1862) classify this under MariaDB/MySQL...
CVE-2015-2737
CVE-2015-2737 affects Mozilla Firefox before 39.0 (and ESR 31.x before 31.8, 38.x before 38.1) and Thunderbird before 38.1. It targets rx::d3d11::SetBufferData, which reads data from uninitialized memory locations. The description notes the impact and attack vectors are unspecified; no explicit f...
CVE-2015-8931
CVE-2015-8931 involves multiple integer overflows in libarchive’s mtree support. The vulnerability arises in archive_read_support_format_mtree.c (mtree parser) in libarchive before 3.2.0, potentially allowing a remote attacker to trigger undefined behavior via a crafted mtree file. Connected advi...
CVE-2016-0668
CVE-2016-0668 affects Oracle MySQL 5.6.28 and earlier, 5.7.10 and earlier, and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12. The vulnerability is described as an unspecified issue related to InnoDB that can allow local users to affect availability. Remediation stated in the sources inc...
CVE-2012-4205
CVE-2012-4205 affects Mozilla Firefox (prior to 17.0), Mozilla Thunderbird (prior to 17.0), and SeaMonkey (prior to 2.14). The root cause, per the description, is that XMLHttpRequest objects created in sandboxes are assigned the system principal rather than the sandbox principal, enabling CSRF ag...
CVE-2013-3805
CVE-2013-3805 affects Oracle MySQL: MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 is vulnerable. Description specifies an unspecified vulnerability that allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements. The entry do...
CVE-2014-4667
CVE-2014-4667 affects the Linux kernel: the sctp_association_free function in net/sctp/associola.c before version 3.15.2 fails to properly manage a specific backlog value, enabling remote attackers to trigger a denial of service (socket outage) via a crafted SCTP packet. The vulnerability is root...
CVE-2015-8933
CVE-2015-8933 is a Libarchive vulnerability: an integer overflow in archive_read_support_format_tar_skip() within archive_read_format_tar.c, affecting Libarchive prior to 3.2.0. This can allow a remote attacker to crash a target via a crafted tar file (DoS). The connected Nessus/EulerOS entries c...
CVE-2010-2803
CVE-2010-2803 affects the Linux kernel DRM subsystem. The drm_ioctl path in drivers/gpu/drm/drm_drv.c allows a local user to request a large memory allocation and may leak kernel memory contents. Affected trees/versions include 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2...
CVE-2010-2954
The CVE-2010-2954 issue affects the Linux kernel IRDA stack: irda_bind in net/irda/af_irda.c may dereference a NULL pointer when irda_open_tsap fails, causing local denial of service (kernel panic) via repeated unsuccessful binds on AF_IRDA (PF_IRDA) sockets. Affected software is the Linux kernel...
CVE-2010-3874
CVE-2010-3874: Heap-based buffer overflow in the bcm_connect function of net/can/bcm.c (Broadcast Manager) in the Linux kernel CAN implementation. Affects 64-bit kernels, before 2.6.36.2, enabling local attackers to cause memory corruption and a denial of service via a connect operation. The conn...
CVE-2012-1090
CVE-2012-1090 affects the Linux kernel: the cifs_lookup function in fs/cifs/dir.c can trigger a local denial of service (OOPS) when a local user accesses a specially crafted file (e.g., a FIFO). The issue exists in kernel versions prior to 3.2.10. Exploitation requires local access. The documente...
CVE-2012-3961
CVE-2012-3961 is a use-after-free in the RangeData implementation affecting Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0/ESR 10.x before 10.0.7, and SeaMonkey before 2.12. Exploitation could allow remote code execution or a denial of service via heap memory...
CVE-2012-4209
Mode C: The CVE-2012-4209 issue affects Mozilla-based components used in MiracleLinux 4 (firefox-10.0.11-1.0.1.AXS4, xulrunner-10.0.11-1.0.1.AXS4) and is described as allowing cross-site scripting by abusing top frame name and location access. Affected products include Mozilla Firefox and Firefox...
CVE-2014-1484
CVE-2014-1484 affects Mozilla Firefox on Android 4.2 and earlier, where system logs may contain profile paths, enabling a crafted application to access sensitive information. Connected docs reference the CVE within openSUSE Firefox ESR advisories and indicate fixes in later Firefox ESR updates (e...