461 matches found
CVE-2012-4216
CVE-2012-4216 is a use-after-free in gfxFont::GetFontEntry affecting Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14. Exploitation could lead to remote code execution or a denial of service via h...
CVE-2015-8930
CVE-2015-8930 affects libarchive’s ISO parser (bsdtar) and can cause a denial-of-service via an infinite loop when opening a crafted ISO with a directory that is a member of itself. The available connected documents show this vulnerability across multiple advisories and platforms, indicating it i...
CVE-2016-4149
CVE-2016-4149 is part of a set of vulnerabilities in Adobe Flash Player. Connected advisories note the issue alongside multiple other CVEs (notably in 4122–4149) and describe vulnerabilities in the Flash Player libraries used by Microsoft IE/Edge. Public updates from Mageia list CVE-2016-4149 as ...
CVE-2009-1186
CVE-2009-1186 affects udev prior to version 1.4.1, where a buffer overflow in util_path_encode in udev/lib/libudev-util.c can be triggered by crafted arguments, enabling a local denial of service. Public reports tie this with the same issue as CVE-2009-1185/1186; multiple advisories (Mandriva, Ma...
CVE-2012-5833
CVE-2012-5833 concerns WebGL texImage2D handling in Mozilla Firefox (and related Gecko-based products) that interacts with Mesa drivers. The vulnerability can allow remote code execution or a denial of service (memory corruption) via certain level parameter values. Affected versions include Firef...
CVE-2014-3469
CVE-2014-3469 affects GNU libtasn1 before 3.6, where the functions asn1_read_value_type and asn1_read_value may dereference a NULL ivalue. In this context, crafted ASN.1 data can trigger a NULL pointer dereference in the library, leading to a denial of service (crash). The vulnerability is noted ...
CVE-2015-2695
CVE-2015-2695 affects MIT Kerberos 5 (krb5) where the krb5 GSS-API SPNEGO mechanism mishandles a context, relying on an inappropriate context handle. This can enable a remote attacker to cause a denial of service via a crafted gss_inquire_context call on a partially-established SPNEGO context, le...
CVE-2015-2696
MIT Kerberos 5 (krb5) vulnerability CVE-2015-2696 arises from an inappropriate context handle in iakerb.c, enabling remote denial of service via crafted IAKERB packets during gss_inquire_context. IBM CP4S remediation in the connected materials shows affected Cloud Pak for Security versions 1.8.0....
CVE-2009-1961
CVE-2009-1961 is a local-denial-of-service vulnerability in the Linux kernel related to the inode double-locking path in fs/ocfs2/file.c. A sequence of splice system calls can deadlock between generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write, preventing file creation/remov...
CVE-2012-4215
CVE-2012-4215 is a use-after-free in Mozilla Firefox’s nsPlaintextEditor::FireClipboardEvent that could allow remote code execution or a heap memory corruption, affecting Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before...
CVE-2012-5835
CVE-2012-5835 describes an integer overflow in the WebGL subsystem of Mozilla Firefox prior to 17.0 (also affecting Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0 and Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14). The overflow can lead to remote code execution or a den...
CVE-2016-4152
CVE-2016-4152 is an unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier used in Flash libraries for Internet Explorer 10/11 and Edge. Connected sources (HackerOne) map this to a ShimContentResolver.configure memory corruption issue in Flash Player, with patches issued by variou...
CVE-2010-2478
CVE-2010-2478: The Linux kernel before 2.6.33.7 on 32-bit platforms has an integer overflow in ethtool_get_rxnfc(), triggered by a large info.rule_cnt via ETHTOOL_GRXCLSRLALL. Local users can cause a denial of service or potentially other impact (as described in the connected Mirage/Linux advisor...
CVE-2012-3956
CVE-2012-3956 is a use-after-free in MediaStreamGraphThreadRunnable::Run in Mozilla Firefox before 15.0 (and similar affected versions for Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0/ESR 10.x before 10.0.7, SeaMonkey before 2.12). Successful exploitation could allow remote attackers t...
CVE-2012-3968
CVE-2012-3968 is a use-after-free in Firefox’s WebGL implementation related to deletion of a fragment shader by its accessor. The issue allows remote attackers to execute arbitrary code via crafted web content. Affected products include Mozilla Firefox (and Firefox ESR 10.x lineage) prior to patc...
CVE-2012-5838
CVE-2012-5838 affects the WebGL copyTexImage2D in Mozilla Firefox (<17.0), Thunderbird (<17.0), and SeaMonkey (
CVE-2014-0569
CVE-2014-0569 is an integer overflow vulnerability in Adobe Flash Player (and related AIR components) that could allow remote code execution. Affected products/versions (per initial entry) include Flash Player before 13.0.0.250 and 14.x before 15.0.0.189 on Windows/macOS and before 11.2.202.411 o...
CVE-2015-3340
CVE-2015-3340 affects Xen 4.2.x through 4.5.x and involves uninitialized fields, allowing certain remote domains to read sensitive memory content via XEN_DOMCTL_gettscinfo or XEN_SYSCTL_getdomaininfolist. Public advisories (e.g., Debian DSA-3414) classify this as a denial of information disclosur...
CVE-2013-0771
CVE-2013-0771 describes a heap-based buffer overflow in Mozilla Firefox’s gfxTextRun::ShrinkToLigatureBoundaries, affecting Firefox before 18.0 (and ESR 17.x before 17.0.1), Thunderbird before 17.0.2 (and ESR 17.x before 17.0.1), and SeaMonkey before 2.15. Successful exploitation via a crafted do...
CVE-2016-4957
ntpd (NTP) before version 4.2.8p8 is vulnerable to a remote DoS via specially crafted crypto-NAK packets, causing ntpd to crash. This issue stems from an incorrect fix applied after CVE-2016-1547 and affects ntpd’s handling of CRYPTO-NAK. Public references indicate an impact to the daemon’s avail...
CVE-2011-3970
CVE-2011-3970 affects libxslt as used in Google Chrome prior to 17.0.963.46, enabling a remote attacker to cause a denial of service via an out-of-bounds read (vectors not specified in the entry). The issue has been addressed in downstream advisories and Chrome updates; Chrome/SUSE/Fedora advisor...
CVE-2016-4150
CVE-2016-4150 is an unspecified memory corruption vulnerability in Adobe Flash Player 21.0.0.242 and earlier, reported in the Flash libraries used by IE/Edge. Connected sources confirm a ShimContentFactory.retrieveOpportunityGenerators() memory-corruption condition leading to potential memory cra...
CVE-2011-3439
CVE-2011-3439 affects FreeType in CoreGraphics on Apple iOS prior to 5.0.1. An attacker could craft a font in a document to trigger memory corruption, enabling remote code execution or a denial of service. Affected component: FreeType/CoreGraphics; impact: code execution and memory corruption. Re...
CVE-2012-5839
CVE-2012-5839 is a heap-based buffer overflow in Mozilla's gfxShapedWord::CompressedGlyph::IsClusterStart that affects Firefox and related Mozilla components. Affected software includes Mozilla Firefox before 17.0 (and ESR 10.x before 10.0.11), Thunderbird before 17.0 (and ESR 10.x before 10.0.11...
CVE-2012-5840
CVE-2012-5840 is a Use-after-free vulnerability in Mozilla Firefox’s nsTextEditorState::PrepareEditor, affecting Firefox prior to 17.0, Firefox ESR 10.x prior to 10.0.11, Thunderbird prior to 17.0, Thunderbird ESR 10.x prior to 10.0.11, and SeaMonkey prior to 2.14. The flaw allows remote attacker...
CVE-2016-4153
CVE-2016-4153 is a memory‑corruption vulnerability in Adobe Flash Player’s ShimOpportunityGenerator.configure() that can cause a memory crash and, as described by a trusted report, could enable arbitrary code execution. The vulnerability is associated with Flash Player builds up to 21.0.0.242 and...
CVE-2009-2472
Affected software: Mozilla Firefox before 3.0.12 (as per CVE-2009-2472). Issue: during object construction, Firefox did not always use XPCCrossOriginWrapper, allowing bypass of the Same Origin Policy and enabling cross-site scripting (XSS) via a crafted document. Impact: potential XSS vulnerabili...
CVE-2014-9853
CVE-2014-9853 : In ImageMagick, a memory leak in the coders/rle.c parser can be triggered by a crafted RLE file, enabling remote attackers to cause a denial of service via memory consumption. The available documents confirm ImageMagick and the rle.c component as the affected codepath; no version ...
CVE-2016-4135
CVE-2016-4135 is one of multiple Flash Player vulnerabilities addressed in mid‑2016 advisories. Connected sources show this entry being treated as a memory corruption issue in Adobe Flash Player (Flash libraries in IE/Edge) that contributes to heap-based buffers overflow and arbitrary code execut...
CVE-2013-5610
CVE-2013-5610 is a memory-corruption vulnerability in the Mozilla Firefox browser engine (pre-26.0) and SeaMonkey (pre-2.23) with potential remote code execution via unknown vectors and denial of service. Public advisories (e.g., openSUSE/MFSA entries) indicate fixes are available by upgrading Fi...
CVE-2014-6564
CVE-2014-6564 affects Oracle MySQL Server 5.6.19 and earlier. Described as an unspecified vulnerability that allows remote authenticated users to affect availability via INNODB FULLTEXT SEARCH DML vectors. Connected sources confirm affected product/version and impact focus on availability; no exp...
CVE-2016-4125
CVE-2016-4125 is listed as an Adobe Flash Player vulnerability addressed by the 11.2.202.626 update (APSB16-18) across multiple Linux distributions (SUSE/openSUSE) and Red Hat advisories. The connected documents confirm the CVE is part of a batch of issues fixed in the Flash Player update and lin...
CVE-2016-4156
CVE-2016-4156 is an unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, used in the Flash libraries for Microsoft Internet Explorer 10/11 and Edge. The description notes unknown impact and attack vectors and distinguishes it from MS16-083. Connected documents show this family ...
CVE-2012-4196
CVE-2012-4196 affects Mozilla Firefox (and related Mozilla components) where a prototype property-injection attack on the Location object (window.location) bypassed Same Origin Policy. Affected are Firefox prior to 16.0.2, Firefox ESR 10.x prior to 10.0.10, Thunderbird prior to 16.0.2, Thunderbir...
CVE-2016-4141
CVE-2016-4141 is described as an unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, used in the Flash libraries for Microsoft Internet Explorer 10/11 and Microsoft Edge, with unknown impact and attack vectors. The connected documents provide concrete remediation activity: Mag...
CVE-2012-4179
CVE-2012-4179 is a use-after-free in Mozilla Firefox's nsHTMLCSSUtils::CreateCSSPropertyTxn that can lead to code execution or heap memory corruption. Affected are Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey befor...
CVE-2012-4183
CVE-2012-4183 is a use-after-free in DOMSVGTests::GetRequiredFeatures affecting Firefox before 16.0, Firefox ESR before 10.0.8, Thunderbird before 16.0, and SeaMonkey before 2.13, with potential for remote code execution or a denial of service via heap memory corruption. Connected advisories from...
CVE-2013-0643
CVE-2013-0643: Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows remote code execution via crafted SWF content. Affected products include Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows/macOS, and before 10.3.183....
CVE-2015-8925
CVE-2015-8925 affects libarchive (before 3.2.0). A denial of service can be triggered by processing a crafted mtree file due to an invalid memory read in read_mtree. Affected products include libarchive in various distributions; remediation is to upgrade to a fixed libarchive version as provided ...
CVE-2012-3963
CVE-2012-3963 is a Use-after-free in Mozilla Firefox's js::gc::MapAllocToTraceKind that can allow remote code execution. Affected: Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, SeaMonkey before 2.12. Mitigation: upgrade to Firefo...
CVE-2012-4184
CVE-2012-4184 affects Mozilla's COW in Firefox (and related Mozilla products) prior to version 16.0 (Firefox), ESR 10.x prior to 10.0.8, Thunderbird prior to 16.0, Thunderbird ESR 10.x prior to 10.0.8, and SeaMonkey prior to 2.13. The issue allows a crafted web site to bypass restrictions and acc...
CVE-2012-4193
CVE-2012-4193 affects Mozilla Firefox and related Mozilla products (Firefox before 16.0.1, Firefox ESR before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR before 10.0.9, SeaMonkey before 2.13.1). Root cause: a security check in the defaultValue unwrapping of security wrappers is omitted, al...
CVE-2016-4151
CVE-2016-4151 is described as an unspecified memory-corruption vulnerability in Adobe Flash Player 21.0.0.242 and earlier, affecting the Flash library components used by Internet Explorer 10/11 and Microsoft Edge. The connected documents attribute the issue to ShimContentFactory.retrieveResolvers...
CVE-2016-4154
CVE-2016-4154 is a memory-corruption vulnerability in Adobe Flash Player (used in Flash libraries in IE11/Edge) linked to ShimContentResolver.resolve() with resolverType=0. Root cause: improper validation leading to a memory crash, enabling potential arbitrary code execution. Affected: Adobe Flas...
CVE-2014-0564
CVE-2014-0564 affects Adobe Flash Player before 13.0.0.250, 14.x before 15.0.0.189 on Windows/macOS and before 11.2.202.411 on Linux, as well as Adobe AIR before 15.0.0.293 and related AIR SDKs, allowing arbitrary code execution or memory corruption via unspecified vectors (distinct from CVE-2014...
CVE-2016-4142
CVE-2016-4142 is a use-after-free vulnerability in Adobe Flash Player (as used in Flash libraries for Internet Explorer 10/11 and Microsoft Edge) that can lead to remote code execution via specially crafted SWF content. The initial entry notes Flash Player 21.0.0.242 and earlier as affected. Conn...
CVE-2016-4146
CVE-2016-4146 is a Flash Player vulnerability affecting Adobe Flash Player in the browser plugins used by IE/Edge, with a focus on memory corruption/use-after-free conditions that could lead to arbitrary code execution. Public advisories (e.g., Mageia and ALT Linux) group it with other CVEs (4122...
CVE-2016-4148
CVE-2016-4148 is part of a family of Flash Player vulnerabilities fixed in 2016 across multiple advisories. Connected records confirm multiple CVEs (including 4148) with a range of memory corruption issues (use-after-free, heap overflows, type confusion, information disclosure) that could lead to...
CVE-2016-9957
Summary: CVE-2016-9957 corresponds to a stack-based buffer overflow in the Game Music Emu library prior to version 0.6.1. Multiple connected advisories (Gentoo GLSA-201707-02, Fedora advisories) describe a remotely triggerable condition: a user could be enticed to open a specially crafted SPC mus...
CVE-2008-0063
CVE-2008-0063 affects MIT Kerberos 5 (krb5kdc) where Kerberos v4 support leaves an unused buffer uncleared when generating error messages. This can allow remote attackers to read sensitive information from memory. Public advisories across multiple vendors (e.g., MiracleLinux AXSA-2008-345/AXSA-20...