474 matches found
CVE-2019-18902
CVE-2019-18902 is a Use After Free vulnerability in the Wicked service used by SUSE Linux Enterprise Server 12/15 and related openSUSE variants. The issue affects Wicked components prior to specific versions (SLES 12 <0.6.60-3.5.1; SLES 15 <0.6.60-3.21.1; openSUSE Leap 15.1 <0.6.60-lp151...
CVE-2010-3876
CVE-2010-3876 affects the Linux kernel: the code path net/packet/af_packet.c in kernel versions before 2.6.37-rc2 does not properly initialize certain structure members, allowing local users with CAP_NET_RAW to read copies of the applicable structures from kernel stack memory. Publicly document d...
CVE-2013-0746
CVE-2013-0746 affects Mozilla products including Firefox (before 18.0), Firefox ESR (before 10.0.12 and 17.x before 17.0.2), Thunderbird (before 17.0.2, and ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The issue is a quickstubs/jsval return-value handling flaw tha...
CVE-2014-1874
The CVE-2014-1874 entry is about the Linux kernel vulnerability in security/selinux/ss/services.c: the security_context_to_sid_core function before 3.13.4 allows local users with CAP_MAC_ADMIN to set a zero-length security context, causing a denial of service (system crash). Affected product: Lin...
CVE-2014-5077
CVE-2014-5077 affects the Linux kernel’s SCTP code: the function sctp_assoc_update in net/sctp/associola.c (affected in kernel builds up to 3.15.8) can be triggered when SCTP authentication is enabled. An attacker can cause a denial of service via a NULL pointer dereference and kernel OOPS by ini...
CVE-2016-2782
CVE-2016-2782 : In the Linux kernel, the treo_attach function in drivers/usb/serial/visor.c (pre-4.5) can be exploited by a physically proximate attacker who inserts a USB device missing a bulk-in or interrupt-in endpoint, causing a NULL pointer dereference and kernel crash (DoS) or possibly othe...
CVE-2010-4158
The CVE-2010-4158 issue affects the Linux kernel (pre-2.6.36.2) where sk_run_filter in net/core/filter.c may execute BPF_S_LD_MEM or BPF_S_LDX_MEM before a memory location is initialized. This can allow local users to read potentially sensitive kernel stack memory via a crafted socket filter. The...
CVE-2015-4830
CVE-2015-4830 corresponds to an unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier. The description states remote authenticated users can affect integrity via unknown vectors related to Server:Security:Privileges. Connected documents (F5/K59010802 advisory,...
CVE-2016-9398
CVE-2016-9398 affects JasPer: the jpc_floorlog2 function in jpc_math.c is vulnerable in versions before 1.900.17, allowing remote attackers to trigger a denial of service (assertion failure) via unspecified vectors. Connected documents confirm the affected component and impact; no remediation det...
CVE-2012-4194
The CVE-2012-4194 issue affects Mozilla Firefox and related Mozilla components where the valueOf shadowing of the location object (window.location) enables cross-site scripting via plugin vectors. Affected software and versions (stated in the provided sources) include: Mozilla Firefox before 16.0...
CVE-2015-0441
CVE-2015-0441 is an unspecified remote-authenticated vulnerability in Oracle MySQL Server 5.5.x (and earlier) affecting availability via unknown vectors in Server: Security: Encryption. Connected advisories confirm this CVE appears in multiple upstream/security notices and requires upgrading MySQ...
CVE-2012-3972
CVE-2012-3972 affects the XSLT format-number functionality in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The vulnerability allows remote attackers to obtain sensitive information via unspecif...
CVE-2015-0501
CVE-2015-0501 is a MySQL Server vulnerability affecting 5.5.42 and earlier and 5.6.23 and earlier, where an unspecified issue in Server: Compiling could allow a remote authenticated user to disrupt availability. The connected documents confirm that exploitation details are not provided, and the a...
CVE-2015-8779
CVE-2015-8779 affects the GNU C Library (glibc). The vulnerability is a stack-based buffer overflow in the catopen() function when handling long catalog names, which can cause an application crash (DoS) or potentially allow arbitrary code execution. Affected products include glibc releases prior ...
CVE-2012-3960
CVE-2012-3960 is a use-after-free in mozSpellChecker::SetCurrentDictionary that affects Mozilla Firefox <15.0, Firefox ESR <10.0.7, Thunderbird <15.0 / ESR, and SeaMonkey
CVE-2017-5898
CVE-2017-5898 affects Quick Emulator (QEMU) when built with CCID Card device emulator support. The vulnerability is an integer overflow in the emulated_apdu_from_guest function (usb/dev-smartcard-reader.c) that allows a local user to crash the QEMU host process by sending a large APDU unit, causi...
CVE-2010-2249
CVE-2010-2249 affects libpng: memory leak in pngrutil.c when processing certain PNG chunks (notably sCAL). Versions affected are libpng before 1.2.44 and 1.4.x before 1.4.3; exploitation can cause a denial of service via memory consumption and application crash. Remediation per connected sources ...
CVE-2010-4073
CVE-2010-4073 affects the Linux kernel IPC compatibility code: before 2.6.37-rc1, several compat syscall handlers (ipc/compat.c and ipc/compat_mq.c) fail to initialize certain structures, enabling local attackers to read potentially sensitive kernel stack memory via vectors in compat_sys_semctl, ...
CVE-2012-0442
CVE-2012-0442 covers multiple memory-safety vulnerabilities in the Mozilla browser engine affecting Firefox before 3.6.26 and 4.x–9.0, Thunderbird before 3.1.18 and 5.0–9.0, and SeaMonkey before 2.7. The issues can cause memory corruption, application crashes, or potentially remote code execution...
CVE-2015-8778
CVE-2015-8778 affects the GNU C Library (glibc) prior to 2.23, where an integer/size argument in hcreate_r can trigger an out-of-bounds heap access, potentially causing denial of service or arbitrary code execution. Connected advisories detail that multiple products (notably glibc-containing pack...
CVE-2009-2416
CVE-2009-2416 is a use-after-free in libxml2 (versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32) and libxml 1.8.17 triggered by crafted Notation/Enumeration attribute types in a DTD; leads to denial of service (application crash). Related CVE-2009-2414 is a stack-growth DoS via deep DTD structures....
CVE-2012-3986
CVE-2012-3986 affects Mozilla Firefox prior to 16.0 (and Firefox ESR 10.x prior to 10.0.8), Thunderbird prior to 16.0, and SeaMonkey before 2.13. The root cause is that certain DOMWindowUtils (nsDOMWindowUtils) methods were not protected by security checks, allowing remote JavaScript to bypass in...
CVE-2013-0755
CVE-2013-0755 refers to a use-after-free in the mozVibrate implementation of the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15. The vulnerability allows remote code execution...
CVE-2014-2309
CVE-2014-2309 affects the Linux kernel (net/ipv6/route.c, function ip6_route_add) up to version 3.13.6. It causes memory exhaustion via a flood of ICMPv6 Router Advertisement packets, enabling a remote attacker to trigger DoS. The connected Nessus/OpenVAS advisories reference Unity Linux security...
CVE-2014-6469
CVE-2014-6469 is an unspecified vulnerability in Oracle MySQL Server affecting 5.5.39 and earlier and 5.6.20 and earlier, enabling remote authenticated users to affect availability via SERVER:OPTIMIZER. Connected advisories indicate remediation through upgrading MySQL to 5.5.40 or newer (e.g., De...
CVE-2015-0499
CVE-2015-0499 is a documented, non-query vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier, affecting the Server Federated component and capable of denial of service by remote authenticated users. Public details confirm the issue but do not provide exploit specifics. ...
CVE-2016-4953
CVE-2016-4953 affects ntpd (NTP 4.x) and relates to DoS via crafted CRYPTO_NAK or spoofed packets that can demobilize ephemeral associations, potentially disrupting time synchronization. Connected docs confirm multiple ntpd-family vulnerabilities (CVE-2016-4953/4954/4955/4956/4957) with root caus...
CVE-2019-18903
CVE-2019-18903 describes a Use-After-Free in the wicked service across SUSE/openSUSE products. Affected: SUSE Linux Enterprise Server 12 wicked < 0.6.60-2.18.1 and SLES 15 wicked < 0.6.60-28.26.1; openSUSE Leap 15.1 wicked < 0.6.60-lp151.2.9.1; openSUSE Factory wicked
CVE-2019-3687
CVE-2019-3687 affects the permissions package in SUSE/openSUSE SLE/OpenSUSE, allowing local users to run dumpcap with the easy permission profile and sniff network traffic. Affected range: permissions versions from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119...
CVE-2012-0879
CVE-2012-0879 affects the Linux kernel prior to 2.6.33, where the I/O implementation for block devices mishandles the CLONE_IO feature. Local attackers can create multiple processes sharing an I/O context, causing I/O instability and a denial of service. The vulnerability is evidenced across mult...
CVE-2012-3515
CVE-2012-3515 affects QEMU (as used in Xen 4.0/4.1) where emulating certain devices with a virtual console backend lets local guest OS users gain privileges via a crafted escape VT100 sequence that overwrites a device model’s address space. Connected documents confirm this CVE is included in mult...
CVE-2014-1489
Technical details for CVE-2014-1489 are not publicly available in the provided documents. Monitor for updates from vendors and vulnerability feeds.
CVE-2014-6568
CVE-2014-6568 is an Oracle MySQL/MariaDB vulnerability affecting InnoDB DML leading to potential availability impact in MySQL Server 5.5.x (<=5.5.40) and 5.6.x (
CVE-2013-0768
Technical details for CVE-2013-0768 are not publicly available in the provided documents. Monitor for updates.
CVE-2014-4653
Summary (CVE-2014-4653) : The ALSA control implementation in the Linux kernel has a race/lock handling issue in sound/core/control.c. It does not ensure possession of a read/write lock, enabling a local attacker to trigger a denial of service (use-after-free) and to potentially read kernel memory...
CVE-2013-0760
CVE-2013-0760 describes a buffer overflow in Mozilla Firefox’s CharDistributionAnalysis::HandleOneChar, allowing remote code execution via a crafted document. Affected products per the description: Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15. Root cause is a memory c...
CVE-2014-0131
CVE-2014-0131 affects the Linux kernel up to version 3.13.6. The vulnerability is a use-after-free in the skb_segment function within net/core/skbuff.c caused by the absence of a certain orphaning operation. Exploitation details are not provided in the supplied documents. The impact is that an at...
CVE-2014-2494
CVE-2014-2494 is an unspecified vulnerability in the MySQL/MariaDB MySQL Server component (affecting Oracle MySQL 5.5.37 and earlier) that can allow remote authenticated users to affect availability via vectors related to ENARC. Connected sources also tie this CVE to MariaDB advisories and tracke...
CVE-2016-4954
The CVE-2016-4954 entry affects ntpd (NTP v4) and is triggered by the process_packet() function in ntp_proto.c, where NTP 4.x versions before 4.2.8p8 can be caused to enter a peer-variable modification state when it receives spoofed packets from multiple sources, demonstrated by an incorrect leap...
CVE-2012-3991
CVE-2012-3991 affects Mozilla Firefox and related Mozilla products: Firefox and Firefox ESR before the 16.0 line, Thunderbird before 16.0, and SeaMonkey before 2.13 did not properly restrict JSAPI GetProperty access, bypassing the Same Origin Policy. This vulnerability could allow remote attacker...
CVE-2013-0749
CVE-2013-0749 describes multiple unspecified vulnerabilities in the Mozilla Firefox browser engine (before 18.0) and related products (Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2 and ESR 17.x before 17.0.1, SeaMonkey before 2.15). The description states that remote attackers could c...
CVE-2015-8934
CVE-2015-8934 affects libarchive up to version 3.2.0, with a flaw in copy_from_lzss_window inside archive_read_support_format_rar.c that can trigger an out-of-bounds heap read via a crafted RAR file, leading to denial of service. Public advisories from multiple vendors describe this as part of a ...
CVE-2007-6427
CVE-2007-6427 affects the X.Org Xserver (XInput-Misc extension) prior to version 1.4.1. The root cause is missing input sanitising within the XInput‑Misc code, which can lead to local privilege escalation. In public advisories, this is described as a vulnerability in the XInput‑Misc path that all...
CVE-2011-3659
CVE-2011-3659 is a use-after-free in Mozilla Firefox (before 3.6.26 and 4.x through 9.0), Thunderbird (before 3.1.18 and 5.0 through 9.0), and SeaMonkey (before 2.7). The root cause is premature notification of AttributeChildRemoved that affects access to removed nsDOMAttribute child nodes, enabl...
CVE-2012-0449
CVE-2012-0449 affects Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7. Description: remote attackers can cause memory corruption and application crash, or possibly execute arbitrary code via a malformed XSLT stylesheet emb...
CVE-2014-0069
The CVE-2014-0069 entry affects the Linux kernel (fs/cifs/file.c: cifs_iovec_write) up to version 3.13.5. The vulnerability stems from improper handling of uncached write operations that copy fewer bytes than requested, enabling local users to read kernel memory (information disclosure), cause me...
CVE-2015-0505
CVE-2015-0505 affects Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier. An unspecified remote-authenticated vulnerability related to Data Definition Language (DDL) operations could cause a denial of service. Impact is limited to availability (partial). The public description does no...
CVE-2019-18901
CVE-2019-18901 affects SUSE Linux Enterprise Server 12 (mariadb, prior to 10.2.31-3.25.1) and SLE 15 (mariadb, prior to 10.2.31-3.26.1). A UNIX symlink following in mysql-systemd-helper allows local attackers to change permissions of arbitrary files to 0640. The vulnerability is localized (LOCAL)...
CVE-2010-3850
CVE-2010-3850: In the Linux kernel, the ec_dev_ioctl function in net/econet/af_econet.c did not require CAP_NET_ADMIN, allowing local users to bypass access restrictions and configure econet addresses via an SIOCSIFADDR ioctl. Documented impact is local privilege/unauthorized configuration; fix a...
CVE-2010-4081
CVE-2010-4081 affects the Linux kernel (sound/pci/rme9652/hdspm.c: snd_hdspm_hwdep_ioctl). The root cause is failure to initialize a structure, enabling local users to read potentially sensitive kernel stack memory via SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO. Affected: kernel versions prior to 2.6.36-r...