474 matches found
CVE-2016-0642
CVE-2016-0642 affects Oracle MySQL Server releases prior to 5.5.49/5.6.30/5.7.x (as cited in multiple advisories). Description: an unspecified vulnerability in the Federated component may lead to integrity and availability impact for local users. Connected sources confirm affected versions (5.5.4...
CVE-2016-2782
CVE-2016-2782 : In the Linux kernel, the treo_attach function in drivers/usb/serial/visor.c (pre-4.5) can be exploited by a physically proximate attacker who inserts a USB device missing a bulk-in or interrupt-in endpoint, causing a NULL pointer dereference and kernel crash (DoS) or possibly othe...
CVE-2010-3876
CVE-2010-3876 affects the Linux kernel: the code path net/packet/af_packet.c in kernel versions before 2.6.37-rc2 does not properly initialize certain structure members, allowing local users with CAP_NET_RAW to read copies of the applicable structures from kernel stack memory. Publicly document d...
CVE-2010-4158
The CVE-2010-4158 issue affects the Linux kernel (pre-2.6.36.2) where sk_run_filter in net/core/filter.c may execute BPF_S_LD_MEM or BPF_S_LDX_MEM before a memory location is initialized. This can allow local users to read potentially sensitive kernel stack memory via a crafted socket filter. The...
CVE-2012-3972
CVE-2012-3972 affects the XSLT format-number functionality in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The vulnerability allows remote attackers to obtain sensitive information via unspecif...
CVE-2013-0746
CVE-2013-0746 affects Mozilla products including Firefox (before 18.0), Firefox ESR (before 10.0.12 and 17.x before 17.0.2), Thunderbird (before 17.0.2, and ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The issue is a quickstubs/jsval return-value handling flaw tha...
CVE-2014-1874
The CVE-2014-1874 entry is about the Linux kernel vulnerability in security/selinux/ss/services.c: the security_context_to_sid_core function before 3.13.4 allows local users with CAP_MAC_ADMIN to set a zero-length security context, causing a denial of service (system crash). Affected product: Lin...
CVE-2014-5077
CVE-2014-5077 affects the Linux kernel’s SCTP code: the function sctp_assoc_update in net/sctp/associola.c (affected in kernel builds up to 3.15.8) can be triggered when SCTP authentication is enabled. An attacker can cause a denial of service via a NULL pointer dereference and kernel OOPS by ini...
CVE-2015-4830
CVE-2015-4830 corresponds to an unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier. The description states remote authenticated users can affect integrity via unknown vectors related to Server:Security:Privileges. Connected documents (F5/K59010802 advisory,...
CVE-2010-4073
CVE-2010-4073 affects the Linux kernel IPC compatibility code: before 2.6.37-rc1, several compat syscall handlers (ipc/compat.c and ipc/compat_mq.c) fail to initialize certain structures, enabling local attackers to read potentially sensitive kernel stack memory via vectors in compat_sys_semctl, ...
CVE-2012-4194
The CVE-2012-4194 issue affects Mozilla Firefox and related Mozilla components where the valueOf shadowing of the location object (window.location) enables cross-site scripting via plugin vectors. Affected software and versions (stated in the provided sources) include: Mozilla Firefox before 16.0...
CVE-2015-0441
CVE-2015-0441 is an unspecified remote-authenticated vulnerability in Oracle MySQL Server 5.5.x (and earlier) affecting availability via unknown vectors in Server: Security: Encryption. Connected advisories confirm this CVE appears in multiple upstream/security notices and requires upgrading MySQ...
CVE-2015-8779
CVE-2015-8779 affects the GNU C Library (glibc). The vulnerability is a stack-based buffer overflow in the catopen() function when handling long catalog names, which can cause an application crash (DoS) or potentially allow arbitrary code execution. Affected products include glibc releases prior ...
CVE-2016-9398
CVE-2016-9398 affects JasPer: the jpc_floorlog2 function in jpc_math.c is vulnerable in versions before 1.900.17, allowing remote attackers to trigger a denial of service (assertion failure) via unspecified vectors. Connected documents confirm the affected component and impact; no remediation det...
CVE-2015-0501
CVE-2015-0501 is a MySQL Server vulnerability affecting 5.5.42 and earlier and 5.6.23 and earlier, where an unspecified issue in Server: Compiling could allow a remote authenticated user to disrupt availability. The connected documents confirm that exploitation details are not provided, and the a...
CVE-2017-5898
CVE-2017-5898 affects Quick Emulator (QEMU) when built with CCID Card device emulator support. The vulnerability is an integer overflow in the emulated_apdu_from_guest function (usb/dev-smartcard-reader.c) that allows a local user to crash the QEMU host process by sending a large APDU unit, causi...
CVE-2012-0442
CVE-2012-0442 covers multiple memory-safety vulnerabilities in the Mozilla browser engine affecting Firefox before 3.6.26 and 4.x–9.0, Thunderbird before 3.1.18 and 5.0–9.0, and SeaMonkey before 2.7. The issues can cause memory corruption, application crashes, or potentially remote code execution...
CVE-2012-3960
CVE-2012-3960 is a use-after-free in mozSpellChecker::SetCurrentDictionary that affects Mozilla Firefox <15.0, Firefox ESR <10.0.7, Thunderbird <15.0 / ESR, and SeaMonkey
CVE-2012-3986
CVE-2012-3986 affects Mozilla Firefox prior to 16.0 (and Firefox ESR 10.x prior to 10.0.8), Thunderbird prior to 16.0, and SeaMonkey before 2.13. The root cause is that certain DOMWindowUtils (nsDOMWindowUtils) methods were not protected by security checks, allowing remote JavaScript to bypass in...
CVE-2010-2249
CVE-2010-2249 affects libpng: memory leak in pngrutil.c when processing certain PNG chunks (notably sCAL). Versions affected are libpng before 1.2.44 and 1.4.x before 1.4.3; exploitation can cause a denial of service via memory consumption and application crash. Remediation per connected sources ...
CVE-2012-3515
CVE-2012-3515 affects QEMU (as used in Xen 4.0/4.1) where emulating certain devices with a virtual console backend lets local guest OS users gain privileges via a crafted escape VT100 sequence that overwrites a device model’s address space. Connected documents confirm this CVE is included in mult...
CVE-2015-8778
CVE-2015-8778 affects the GNU C Library (glibc) prior to 2.23, where an integer/size argument in hcreate_r can trigger an out-of-bounds heap access, potentially causing denial of service or arbitrary code execution. Connected advisories detail that multiple products (notably glibc-containing pack...
CVE-2016-4953
CVE-2016-4953 affects ntpd (NTP 4.x) and relates to DoS via crafted CRYPTO_NAK or spoofed packets that can demobilize ephemeral associations, potentially disrupting time synchronization. Connected docs confirm multiple ntpd-family vulnerabilities (CVE-2016-4953/4954/4955/4956/4957) with root caus...
CVE-2014-2309
CVE-2014-2309 affects the Linux kernel (net/ipv6/route.c, function ip6_route_add) up to version 3.13.6. It causes memory exhaustion via a flood of ICMPv6 Router Advertisement packets, enabling a remote attacker to trigger DoS. The connected Nessus/OpenVAS advisories reference Unity Linux security...
CVE-2009-2416
CVE-2009-2416 is a use-after-free in libxml2 (versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32) and libxml 1.8.17 triggered by crafted Notation/Enumeration attribute types in a DTD; leads to denial of service (application crash). Related CVE-2009-2414 is a stack-growth DoS via deep DTD structures....
CVE-2014-6568
CVE-2014-6568 is an Oracle MySQL/MariaDB vulnerability affecting InnoDB DML leading to potential availability impact in MySQL Server 5.5.x (<=5.5.40) and 5.6.x (
CVE-2019-18903
CVE-2019-18903 describes a Use-After-Free in the wicked service across SUSE/openSUSE products. Affected: SUSE Linux Enterprise Server 12 wicked < 0.6.60-2.18.1 and SLES 15 wicked < 0.6.60-28.26.1; openSUSE Leap 15.1 wicked < 0.6.60-lp151.2.9.1; openSUSE Factory wicked
CVE-2013-0755
CVE-2013-0755 refers to a use-after-free in the mozVibrate implementation of the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15. The vulnerability allows remote code execution...
CVE-2013-0768
Technical details for CVE-2013-0768 are not publicly available in the provided documents. Monitor for updates.
CVE-2014-1489
Technical details for CVE-2014-1489 are not publicly available in the provided documents. Monitor for updates from vendors and vulnerability feeds.
CVE-2014-6469
CVE-2014-6469 is an unspecified vulnerability in Oracle MySQL Server affecting 5.5.39 and earlier and 5.6.20 and earlier, enabling remote authenticated users to affect availability via SERVER:OPTIMIZER. Connected advisories indicate remediation through upgrading MySQL to 5.5.40 or newer (e.g., De...
CVE-2015-0499
CVE-2015-0499 is a documented, non-query vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier, affecting the Server Federated component and capable of denial of service by remote authenticated users. Public details confirm the issue but do not provide exploit specifics. ...
CVE-2019-3687
CVE-2019-3687 affects the permissions package in SUSE/openSUSE SLE/OpenSUSE, allowing local users to run dumpcap with the easy permission profile and sniff network traffic. Affected range: permissions versions from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119...
CVE-2012-0879
CVE-2012-0879 affects the Linux kernel prior to 2.6.33, where the I/O implementation for block devices mishandles the CLONE_IO feature. Local attackers can create multiple processes sharing an I/O context, causing I/O instability and a denial of service. The vulnerability is evidenced across mult...
CVE-2013-0760
CVE-2013-0760 describes a buffer overflow in Mozilla Firefox’s CharDistributionAnalysis::HandleOneChar, allowing remote code execution via a crafted document. Affected products per the description: Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15. Root cause is a memory c...
CVE-2014-0131
CVE-2014-0131 affects the Linux kernel up to version 3.13.6. The vulnerability is a use-after-free in the skb_segment function within net/core/skbuff.c caused by the absence of a certain orphaning operation. Exploitation details are not provided in the supplied documents. The impact is that an at...
CVE-2014-2494
CVE-2014-2494 is an unspecified vulnerability in the MySQL/MariaDB MySQL Server component (affecting Oracle MySQL 5.5.37 and earlier) that can allow remote authenticated users to affect availability via vectors related to ENARC. Connected sources also tie this CVE to MariaDB advisories and tracke...
CVE-2014-4653
Summary (CVE-2014-4653) : The ALSA control implementation in the Linux kernel has a race/lock handling issue in sound/core/control.c. It does not ensure possession of a read/write lock, enabling a local attacker to trigger a denial of service (use-after-free) and to potentially read kernel memory...
CVE-2007-6427
CVE-2007-6427 affects the X.Org Xserver (XInput-Misc extension) prior to version 1.4.1. The root cause is missing input sanitising within the XInput‑Misc code, which can lead to local privilege escalation. In public advisories, this is described as a vulnerability in the XInput‑Misc path that all...
CVE-2012-0449
CVE-2012-0449 affects Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7. Description: remote attackers can cause memory corruption and application crash, or possibly execute arbitrary code via a malformed XSLT stylesheet emb...
CVE-2016-4954
The CVE-2016-4954 entry affects ntpd (NTP v4) and is triggered by the process_packet() function in ntp_proto.c, where NTP 4.x versions before 4.2.8p8 can be caused to enter a peer-variable modification state when it receives spoofed packets from multiple sources, demonstrated by an incorrect leap...
CVE-2011-3659
CVE-2011-3659 is a use-after-free in Mozilla Firefox (before 3.6.26 and 4.x through 9.0), Thunderbird (before 3.1.18 and 5.0 through 9.0), and SeaMonkey (before 2.7). The root cause is premature notification of AttributeChildRemoved that affects access to removed nsDOMAttribute child nodes, enabl...
CVE-2014-4260
CVE-2014-4260 is reported in MariaDB/MySQL contexts as an unspecified vulnerability in the MySQL Server component (SRCHAR vectors) that allows remote authenticated users to affect integrity and availability. Public details in the connected documents indicate MariaDB versions prior to 5.5.38 are a...
CVE-2015-0505
CVE-2015-0505 affects Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier. An unspecified remote-authenticated vulnerability related to Data Definition Language (DDL) operations could cause a denial of service. Impact is limited to availability (partial). The public description does no...
CVE-2015-8934
CVE-2015-8934 affects libarchive up to version 3.2.0, with a flaw in copy_from_lzss_window inside archive_read_support_format_rar.c that can trigger an out-of-bounds heap read via a crafted RAR file, leading to denial of service. Public advisories from multiple vendors describe this as part of a ...
CVE-2010-4081
CVE-2010-4081 affects the Linux kernel (sound/pci/rme9652/hdspm.c: snd_hdspm_hwdep_ioctl). The root cause is failure to initialize a structure, enabling local users to read potentially sensitive kernel stack memory via SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO. Affected: kernel versions prior to 2.6.36-r...
CVE-2012-3991
CVE-2012-3991 affects Mozilla Firefox and related Mozilla products: Firefox and Firefox ESR before the 16.0 line, Thunderbird before 16.0, and SeaMonkey before 2.13 did not properly restrict JSAPI GetProperty access, bypassing the Same Origin Policy. This vulnerability could allow remote attacker...
CVE-2013-0749
CVE-2013-0749 describes multiple unspecified vulnerabilities in the Mozilla Firefox browser engine (before 18.0) and related products (Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2 and ESR 17.x before 17.0.1, SeaMonkey before 2.15). The description states that remote attackers could c...
CVE-2014-0069
The CVE-2014-0069 entry affects the Linux kernel (fs/cifs/file.c: cifs_iovec_write) up to version 3.13.5. The vulnerability stems from improper handling of uncached write operations that copy fewer bytes than requested, enabling local users to read kernel memory (information disclosure), cause me...
CVE-2015-2571
CVE-2015-2571 affects Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier. It is an unspecified vulnerability in the Server: Optimizer that could allow remote authenticated users to cause a denial of service via unknown vectors. Exploitation details are not provided in the supplied docu...