279 matches found
CVE-2014-1491
CVE-2014-1491 describes an issue in the Mozilla NSS library where public DH values were not properly restricted, enabling remote attackers to bypass cryptographic protections in ticket handling when NSS was used (e.g., in Firefox/Thunderbird/SeaMonkey). The vulnerability affects NSS
CVE-2014-6271
CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...
CVE-2014-7169
CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...
CVE-2015-2590
CVE-2015-2590 is an unspecified vulnerability affecting Oracle Java SE (6u95, 7u80, 8u45) and Java SE Embedded (7u75, 8u33) with impact to confidentiality, integrity, and availability via unknown vectors in the Libraries component. Public details in the initial description are limited; connected ...
CVE-2013-1690
CVE-2013-1690 affects Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7. Root cause is improper handling of onreadystatechange events with page reload, enabling a crafted web page to cause a denial-of-service (cr...
CVE-2014-3153
The CVE-2014-3153 issue affects the Linux kernel futex_requeue path (kernel/futex.c) through version 3.14.5. A local unprivileged user can exploit FUTEX_REQUEUE with two identical futex addresses to gain privileges or modify waiter state, causing potential privilege escalation and memory impact. ...
CVE-2013-0640
CVE-2013-0640 is a memory corruption remote code execution vulnerability in Adobe Reader and Acrobat. It affects Adobe Reader/Acrobat 9.x prior to 9.5.4, 10.x prior to 10.1.6, and 11.x prior to 11.0.02, exploitable via a crafted PDF and observed in the wild in February 2013. The impact includes r...
CVE-2012-5076
CVE-2012-5076 is described in IBM’s JRE/JRules bulletin as an issue in IBM JRE 7.0 SR2 or earlier (shipped with Rational Functional Tester) and in non-IBM Java 7.0. The IBM document lists the vulnerability as affecting a number of internal com.sun packages which should be restricted. Remediation ...
CVE-2012-2034
CVE-2012-2034 concerns memory corruption in Adobe Flash Player (and Adobe AIR) that enables remote code execution or DoS via unspecified vectors. Affected platforms include Windows/macOS prior to 10.3.183.20 and 11.x before 11.3.300.257 (Windows/macOS), Linux prior to 11.2.202.236, Android 2.x/3....
CVE-2015-0313
Adobe Flash Player is affected by a use-after-free vulnerability (CVE-2015-0313) that enables remote code execution via crafted SWF handling. Affected products include Flash Player versions prior to 13.0.0.269 and 14.x–16.x prior to 16.0.0.305 on Windows/macOS, and prior to 11.2.202.442 on Linux....
CVE-2011-0611
CVE-2011-0611 affects Adobe Flash Player before 10.2.154.27 (Windows/macOS/Linux/Solaris) and 10.2.156.12 and earlier on Android, plus Authplay.dll in Reader/Acrobat components. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via crafted Flash cont...
CVE-2015-8651
CVE-2015-8651 is an Adobe Flash Player vulnerability described as an integer overflow that enables remote code execution. The initial entry lists affected Flash Player versions on Windows, OS X, and Linux, and notes exploitation to run arbitrary code via unspecified vectors. Connected sources con...
CVE-2013-2729
CVE-2013-2729 : Integer overflow in Adobe Reader/Acrobat BMP/RLE image handling can lead to arbitrary code execution. Affected: Adobe Reader/Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03. Root cause: heap/buffer overflow while parsing embedded BMP RLE resources in PDFs. Im...
CVE-2015-7645
CVE-2015-7645 is an Adobe Flash Player remote code execution vulnerability exploitable via a crafted SWF file. The initial document states Flash Player 18.x–18.0.0.252 and 19.x–19.0.0.207 on Windows and macOS, and 11.x–11.2.202.535 on Linux, with exploitation observed in the wild in October 2015....
CVE-2015-5119
The CVE-2015-5119 entry documents a use-after-free in Adobe Flash Player’s AS3 ByteArray class. The vulnerability arises when a crafted valueOf override in an object causes the ByteArray storage to be reallocated during a write ba[0] = obj, leading to memory corruption and potential remote code e...
CVE-2013-0641
CVE-2013-0641 is a buffer overflow in Adobe Reader and Acrobat versions prior to certain patches that allows a remote attacker to execute arbitrary code via a crafted PDF. The description specifies impact as remote code execution, with exploitation observed in the wild in February 2013. Affected ...
CVE-2015-4495
CVE-2015-4495 affects Mozilla Firefox's built-in PDF viewer. The vulnerability allows remote attackers to bypass the Same Origin Policy and read arbitrary files or gain privileges via crafted JavaScript and a native setter, in Firefox versions before 39.0.3, Firefox ESR 38.x before 38.1.1, and Fi...
CVE-2015-2808
CVE-2015-2808 concerns RC4 usage in TLS/SSL within OpenJDK/OpenJDK components. The Invariance Weakness (Bar Mitzvah) means RC4 key material can leak partial plaintext from the first bytes of a TLS/SSL stream, enabling plaintext-recovery under certain traffic patterns. Public advisories for OpenJD...
CVE-2015-5122
CVE-2015-5122 involves a Use-After-Free in the DisplayObject class of the AS3 Flash Player. It affects Flash Player 13.x–18.x on Windows/macOS, 11.x–11.2.x on Linux, and 12.x–18.0.0.204 on Linux Chrome. The flaw, triggered by improper handling of the opaqueBackground property, enables remote code...
CVE-2015-5123
CVE-2015-5123 describes a use-after-free in the BitmapData class of the ActionScript 3 (AS3) implementation in Adobe Flash Player . The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by crafting Flash content that overrides a value...
CVE-2015-0311
CVE-2015-0311 affects Adobe Flash Player on Windows/macOS up to 16.0.0.287 and Linux 11.2.202.438, described as an unspecified vulnerability that allowed remote code execution via unknown vectors. Exploitation in the wild was reported in January 2015. Connected sources confirm this is a remote-co...
CVE-2026-31431
CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...
CVE-2010-3904
CVE-2010-3904 is a Linux kernel flaw in the RDS implementation where rds_page_copy_user does not validate user-space addresses, enabling local privilege escalation via crafted sendmsg/recvmsg calls. Affected: Linux kernels prior to 2.6.36; fixed in later kernel releases (e.g., Red Hat/CentOS advi...
CVE-2016-1286
CVE-2016-1286 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). A remote attacker can trigger a denial of service by sending a crafted DNS signature for a DNAME record, leading to an assertion failure in resolver.c or db.c and a named process crash. The issue is documented with ...
CVE-2016-1285
CVE-2016-1285 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). The issue arises from improper handling of control-channel input to rndc, causing assertion failure and named daemon exit via a malformed packet. Connected advisories describe related impact for DNAME records (CVE-2...
CVE-2011-4862
CVE-2011-4862 is a remote pre-authentication buffer overflow in the encryption handling of BSD telnetd: libtelnet/encrypt.c in telnetd on FreeBSD 7.3–9.0, krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, and GNU inetutils. The underlying bug allows arbitrary code execution by sending a lon...
CVE-2012-2037
Adobe Flash Player and AIR vulnerability CVE-2012-2037 involves memory corruption that could allow remote code execution orDoS. Affected products span multiple platforms; remediation in the related advisories shows upgrading Flash Player to 11.2.202.236 (and corresponding AIR update 3.3.0.3610) m...
CVE-2009-1185
CVE-2009-1185 affects udev before 1.4.1, which does not verify NETLINK message origin from kernel space, enabling a local user to gain privileges by sending a crafted NETLINK message. Public references show PoC/exploit activity (e.g., Metasploit module, Exploit-DB entries) and multiple advisories...
CVE-2012-0444
CVE-2012-0444 describes a heap-based memory corruption vulnerability in the libvorbis Ogg Vorbis parser that could allow remote code execution or a crash when processing crafted Ogg Vorbis files. Affected products across Mozilla ecosystem (Firefox, Thunderbird, Seamonkey and related XULRunner/Ice...
CVE-2013-0753
CVE-2013-0753 is a Use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...
CVE-2013-4002
CVE-2013-4002 affects the Xerces2 Java XML parser. XMLScanner.java in Xerces2 Java Parser before 2.12.0 (as used in various JREs and Oracle/Jakarta distributions) could allow remote denial of service via vectors related to XML attribute names. IBM and other vendors document DoS impact on affected...
CVE-2013-0758
CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...
CVE-2015-8126
CVE-2015-8126 concerns libpng buffer overflows in png_set_PLTE and png_get_PLTE caused by improper bounds checks. Affected ranges include libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19. Exploitation via a small bit-...
CVE-2011-1083
The CVE-2011-1083 issue affects the Linux kernel epoll implementation (epoll_ctl/epoll_create) as shipped in 2.6.37.2 and earlier. Local attackers can cause CPU denial of service by crafting a user-space application that creates and manages epoll file descriptors, exploiting improper traversal of...
CVE-2014-0502
CVE-2014-0502 is a double‑free vulnerability in Adobe Flash Player and related components that allows remote code execution. Affected products include Flash Player prior to 11.7.700.269 and 11.8.x up to 12.0.x before 12.0.0.70 on Windows/macOS, and before 11.2.202.341 on Linux, as well as Adobe A...
CVE-2013-1861
CVE-2013-1861 affects MariaDB SQL branches (5.5.x up to 5.5.30, 5.3.x up to 5.3.13, 5.2.x up to 5.2.15, 5.1.x up to 5.1.68) and Oracle MySQL (5.1.69 and earlier, 5.5.31 and earlier, 5.6.11 and earlier). The vulnerability allows remote DoS (crash) via a crafted geometry feature with a large number...
CVE-2014-0497
CVE-2014-0497 is an Adobe Flash Player integer underflow vulnerability affecting multiple platforms (Windows/macOS/Linux) that enables remote code execution via unspecified vectors. The initial description confirms the affected version ranges (pre-11.7.700.261/11.8.x–12.x pre-12.0.0.44 on Windows...
CVE-2012-5612
CVE-2012-5612 describes a heap-based buffer overflow in Oracle MySQL 5.5.19–5.5.28 and MariaDB 5.5.28a (and possibly other versions), enabling remote authenticated users to cause memory corruption, crash the server, and potentially execute arbitrary code. The vulnerability is exploited via a vari...
CVE-2011-4516
CVE-2011-4516 affects JasPer, specifically the heap-based buffer overflow in the function jpc_cox_getcompparms (libjasper/jpc/jpc_cs.c) within JasPer 1.900.1. A crafted value in a COD (coding style default) marker segment of a JPEG2000 file can cause remote code execution or memory corruption, po...
CVE-2010-4258
The CVE-2010-4258 issue affects the Linux kernel versions prior to 2.6.36.2. The do_exit function in kernel/exit.c mishandles a KERNEL_DS get_fs value, bypassing access_ok checks and enabling local privilege escalation by overwriting arbitrary kernel memory. Exploitation vectors include use of th...
CVE-2014-4943
CVE-2014-4943 affects the Linux kernel up to 3.15.6, specifically the PPPoL2TP feature in net/l2tp/l2tp_ppp.c. The vulnerability arises from data-structure differences between an l2tp socket and an inet socket, enabling local privilege escalation. Public details in connected sources include PoC/e...
CVE-2012-5829
CVE-2012-5829 is a heap-based buffer overflow in the nsWindow::OnExposeEvent function affecting Mozilla Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before 2.14. Connected documents confirm this vulnerability across multip...
CVE-2011-4517
CVE-2011-4517 affects JasPer 1.900.1 used for JPEG-2000 decoding. The flaw is in libjasper/jpc/jpc_cs.c: jpc_crg_getparms uses an incorrect data type during a size calculation, enabling remote attackers to trigger a heap-based buffer overflow via a crafted CRG marker segment in a JPEG2000 file. C...
CVE-2015-1781
CVE-2015-1781 affects the GNU C Library (glibc/eglibc) NSS gethostbyname_r and related functions. A misaligned input buffer can cause a buffer overflow, leading to a crash or potentially arbitrary code execution via crafted DNS responses. Public advisories (Debian, Cloud Foundry, CentOS/RH, CNVD)...
CVE-2012-4186
CVE-2012-4186 : Heap-based buffer overflow in Mozilla Firefox’s nsWaveReader::DecodeAudioData. Affected products include Firefox before 16.0 (and Firefox ESR 10.x before 10.0.8), Thunderbird before 16.0, and SeaMonkey before 2.13. Vectors are unspecified in the provided docs, but exploitation wou...
CVE-2014-1490
CVE-2014-1490 : A race condition in NSS libssl session ticket processing (use-after-free) could allow remote attackers to cause a denial of service or, per the description, potentially other impact via a resumption handshake. Affected: NSS up to 3.15.4 and, by extension, Mozilla products (Firefox...
CVE-2012-2036
Adobe Flash Player and Adobe AIR are affected by multiple CVEs (CVE-2012-2034 to CVE-2012-2040) including an integer overflow and related memory corruption that could allow arbitrary code execution. The CVEs apply to various platforms: Windows, macOS, Linux, and Android, with Adobe AIR тоже affec...
CVE-2015-0272
CVE-2015-0272 affects GNOME NetworkManager and allows remote denial of service via a crafted MTU value in IPv6 Router Advertisement messages. Public advisories (IBM PowerKVM bulletin and CentOS/Ubuntu/Debian disclosures) show patches and updated NetworkManager packages to fix the issue; remediati...
CVE-2015-8776
The CVE-2015-8776 issue affects the GNU C Library (glibc) strftime() function. The vulnerability, present in glibc versions before 2.23, allows context-dependent attackers to cause a denial of service (application crash) and, in some disclosures, potentially obtain sensitive information via out-o...
CVE-2012-2038
CVE-2012-2038 affects Adobe Flash Player across Windows, macOS, Linux, Android, and Adobe AIR before 3.3.0.3610. The issue allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Connected sources note that the Flash Player update to 11.2....