474 matches found
CVE-2010-4081
CVE-2010-4081 affects the Linux kernel (sound/pci/rme9652/hdspm.c: snd_hdspm_hwdep_ioctl). The root cause is failure to initialize a structure, enabling local users to read potentially sensitive kernel stack memory via SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO. Affected: kernel versions prior to 2.6.36-r...
CVE-2012-4188
CVE-2012-4188 is a heap-based buffer overflow in Mozilla Firefox’s Convolve3x3 path, affecting Firefox before 16.0 (and ESR 10.x before 10.0.8), Thunderbird before 16.0 (and ESR 10.x before 10.0.8), and SeaMonkey before 2.13. The vulnerability allows remote code execution via unspecified vectors;...
CVE-2013-0761
CVE-2013-0761 is a use-after-free vulnerability in Firefox’s mozilla::TrackUnionStream::EndTrack that could allow remote code execution or a denial of service via heap memory corruption. Affected products include Firefox before 18.0 (and ESR 17.x before 17.0.1), Thunderbird before 17.0.2 (and ESR...
CVE-2014-4260
CVE-2014-4260 is reported in MariaDB/MySQL contexts as an unspecified vulnerability in the MySQL Server component (SRCHAR vectors) that allows remote authenticated users to affect integrity and availability. Public details in the connected documents indicate MariaDB versions prior to 5.5.38 are a...
CVE-2014-6551
CVE-2014-6551 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier. The connected document notes an unspecified local vulnerability that allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. No explicit root cause detail or exploit information is ...
CVE-2015-2571
CVE-2015-2571 affects Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier. It is an unspecified vulnerability in the Server: Optimizer that could allow remote authenticated users to cause a denial of service via unknown vectors. Exploitation details are not provided in the supplied docu...
CVE-2014-1488
CVE-2014-1488 affects Mozilla Firefox < 27.0 and SeaMonkey
CVE-2014-1738
CVE-2014-1738 is a Linux kernel vulnerability in the floppy driver (raw_cmd_copyout) where processing FDRAWCMD IOCTL calls could allow local attackers with write access to /dev/fd to read kernel heap memory. The flaw is described as an improper restriction of pointers during FDRAWCMD processing, ...
CVE-2016-0651
CVE-2016-0651 is described in connected documents as an unspecified vulnerability in Oracle MySQL Server (5.5.46 and earlier) affecting the Optimizer subcomponent that can allow local users to impact availability. The available sources identify affected product as Oracle MySQL Server and the impa...
CVE-2009-3080
CVE-2009-3080 affects the Linux kernel gdth driver (gdth_read_event in drivers/scsi/gdth.c). In kernels before 2.6.32-rc8, a negative event index in an IOCTL can allow local users to cause a denial of service or potentially gain privileges. MiracleLinux advisories cite this CVE as part of affecte...
CVE-2011-4132
CVE-2011-4132 affects the Linux kernel’s Journaling Block Device (JBD) cleanup_journal_tail function. The vulnerability allows local users to trigger a denial of service (assertion error and kernel oops) when handling an ext3 or ext4 image containing an invalid log first block value. The descript...
CVE-2012-4185
CVE-2012-4185 describes a buffer overflow in Mozilla Firefox’s nsCharTraits::length function that could allow remote code execution or a heap memory corruption in Firefox <16.0, ESR 10.x <10.0.8, Thunderbird <16.0/ESR 10.x <10.0.8, and SeaMonkey
CVE-2012-4214
CVE-2012-4214 is a use-after-free in Mozilla Firefox’s nsTextEditorState::PrepareEditor, affecting Firefox before 17.0 and ESR 10.x before 10.0.11, Thunderbird before 17.0/ESR 10.x before 10.0.11, and SeaMonkey before 2.14. The vulnerability can allow remote attackers to execute arbitrary code or...
CVE-2014-4656
CVE-2014-4656 affects the Linux kernel ALSA sound control (sound/core/control.c). The vulnerability arises from multiple integer overflows in ALSA control handling, exploitable by local users via /dev/snd/controlCX to cause a denial of service. The issue is tied to (1) index values in snd_ctl_add...
CVE-2014-6559
CVE-2014-6559 affects Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier. The vulnerability is described as unspecified with respect to C API SSL CERTIFICATE HANDLING and could allow remote attackers to obtain confidential information (partial confidentiality impact). No exploit detai...
CVE-2015-0374
CVE-2015-0374 is a MySQL/MariaDB server vulnerability impacting confidentiality via unknown vectors in Foreign Key handling. Affected products and versions include Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier (and MariaDB/forked releases in corresponding lines). Public advisories...
CVE-2015-5154
CVE-2015-5154 is a heap-based buffer overflow in QEMU’s IDE subsystem (ATAPI handling). A privileged guest with a CDROM drive enabled could potentially execute arbitrary host code via crafted ATAPI I/O. Public docs specify this as a host-attack surface when CD-ROM access is present; Debian securi...
CVE-2009-2848
CVE-2009-2848 is confirmed in connected material as applicable to MiracleLinux kernel package 2.6.18-128.10AXS3, aligning with the Linux kernel vulnerability where execve does not properly clear current->clear_child_tid during thread creation/exit. This misbehavior can enable local users to ca...
CVE-2010-3067
CVE-2010-3067 affects the Linux kernel: an integer overflow in do_io_submit (fs/aio.c) in versions before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly other impact via crafted io_submit usage. The vulnerability is rooted in improper handling within the io_s...
CVE-2012-3959
CVE-2012-3959 describes a use-after-free in Mozilla Firefox’s nsRangeUpdater::SelAdjDeleteNode, affecting Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The vulnerability allows remote attackers to execu...
CVE-2012-4207
CVE-2012-4207 affects Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0 / ESR 10.x, and SeaMonkey before 2.14. The flaw in the HZ-GB-2312 charset implementation allows remote attackers to perform cross-site scripting (XSS) via a crafted document, due to imprope...
CVE-2013-0745
This CVE (CVE-2013-0745) affects Mozilla Firefox prior to 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15. It is caused by the AutoWrapperChanger not interacting correctly with garbage collection, enabling remote code ...
CVE-2013-0764
CVE-2013-0764 affects Mozilla Firefox (before 18.0), Firefox ESR (before 17.0.2), Thunderbird (before 17.0.2 and ESR 17.x before 17.0.2), and SeaMonkey (before 2.15). The vulnerability is a thread-safety issue in nsSOCKSSocketInfo::ConnectToProxy that can allow remote code execution through craft...
CVE-2015-5239
CVE-2015-5239 : QEMU’s VNC display driver is vulnerable to an integer overflow in the vnc_client_read()/protocol_client_msg() paths when processing a CLIENT_CUT_TEXT message, which can cause an infinite loop and crash the QEMU process. Affected products include QEMU with the VNC display driver pr...
CVE-2013-5612
CVE-2013-5612 is a cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 due to the absence of a charset parameter in the Content-Type header. Connected advisories confirm Firefox/SeaMonkey fixes in 2013–2014 releases (e.g., openSUSE SU-2013:1917, Mirac...
CVE-2015-0391
CVE-2015-0391 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier, with remote authenticated access able to affect availability via DDL-related vectors. Connected advisories confirm MariaDB/Mysql contexts and list affected versions; RHSA-2015:0117 remediation upgrades MariaDB to...
CVE-2024-46956
CVE-2024-46956 affects Artifex Ghostscript (psi/zfile.c) with an out-of-bounds data access in filenameforall that can lead to arbitrary code execution on Ghostscript versions up to 10.04.0. Connected advisories confirm this vulnerability and provide patch guidance; mitigation is to update Ghostsc...
CVE-2012-4201
CVE-2012-4201 is a concrete Firefox/XULRunner/Thunderbird/SeaMonkey vulnerability: the evalInSandbox path mishandles the context when processing JavaScript that sets location.href, enabling remote XSS or read access to arbitrary files via a sandboxed add-on. Affected software includes Mozilla Fir...
CVE-2012-4202
CVE-2012-4202 describes a heap-based buffer overflow in Firefox’s image::RasterImage::DrawFrameTo, exploitable via a crafted GIF image to execute arbitrary code. Affected products include Mozilla Firefox before 17.0, Firefox ESR before 10.0.11 (10.x), Thunderbird before 17.0, Thunderbird ESR befo...
CVE-2012-5842
CVE-2012-5842 is a Mozilla Firefox browser engine vulnerability described as multiple unspecified vulnerabilities that can cause memory corruption leading to a crash or possibly remote code execution. Affected products/versions per description: Mozilla Firefox before 17.0, Firefox ESR 10.x before...
CVE-2014-1947
CVE-2014-1947, 2014-1958, and 2014-2030 describe stack-based buffer overflows in ImageMagick’s PSD handling (psd.c): WritePSDImage and DecodePSDPixels functions are implicated. 1947 targets WritePSDImage in ImageMagick 6.5.4 and earlier, enabling potential denial of service or remote code executi...
CVE-2014-4654
The CVE-2014-4654 issue affects the Linux kernel ALSA control implementation (snd_ctl_elem_add in sound/core/control.c). The root cause is a lack of authorization checks for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, allowing local attackers with access to /dev/snd/controlX to remove kernel controls....
CVE-2009-1072
CVE-2009-1072 affects the Linux kernel prior to 2.6.28.9. nfsd in the kernel does not drop the CAP_MKNOD capability before handling a user request in a thread, enabling local users on an exported filesystem using root_squash to create device nodes. MiracleLinux 3 lists this as fixed in kernel-2.6...
CVE-2010-4163
The CVE-2010-4163 issue affects the Linux kernel, where blk_rq_map_user_iov in block/blk-map.c is vulnerable before version 2.6.36.2. A local attacker can trigger a denial of service (kernel panic) by submitting a zero-length I/O request via a device ioctl to a SCSI device. The description explic...
CVE-2012-5836
CVE-2012-5836 affects Mozilla Firefox (before 17.0), Mozilla Thunderbird (before 17.0), and SeaMonkey (before 2.14). The issue can allow remote code execution or an application crash when CSS properties are combined with SVG text, due to the root cause described by MFSA 2012-94. Public advisories...
CVE-2014-1483
Technical details for CVE-2014-1483 are not publicly provided in the connected documents; sources reference the CVE but do not disclose affected products, versions, root cause, impact, or fixes. Monitor for updates.
CVE-2014-3467
GNUTLS/library libtasn1 vulnerability CVE-2014-3467 is due to multiple issues in the DER decoder of GNU Libtasn1 up to version 3.5.x (pre-3.6), exploited by crafted ASN.1 data to cause a denial of service via out-of-bounds read. The issue is confirmed in multiple advisories (F5 SOL15423, ALAS-201...
CVE-2014-6520
CVE-2014-6520 affects Oracle MySQL Server 5.5.38 and earlier. The vulnerability is described as unspecified and allows remote authenticated users to affect availability via vectors related to SERVER:DDL; impact is noted as partial availability. Connected sources list this CVE among MariaDB/MySQL-...
CVE-2014-6530
CVE-2014-6530 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier via CLIENT:MYSQLDUMP. Connected advisories reference CVE-2014-6530 and indicate remediation through upgrading MariaDB/MySQL components to fixed versions (e.g., MariaDB/MariaDB-Galera updates to 5.5.40 per RHSA adv...
CVE-2015-0382
CVE-2015-0382 is a remote-availability vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier, related to Server: Replication, separate from CVE-2015-0381. The connected advisories show multiple vendors/types referencing MySQL/MariaDB vulnerabilities with potential DoS or ...
CVE-2015-8551
CVE-2015-8551 affects the Xen PCI backend driver (pciback) when Xen runs on x86 with a Linux 3.1.x–4.3.x driver domain. The issue arises from missing sanity checks in XEN_PCI_OP_* operations, allowing a local guest administrator with access to a passed-through MSI/MSI-X PCI device to trigger BUG ...
CVE-2017-16232
CVE-2017-16232 affects LibTIFF 4.0.8, which is reported to have multiple memory‑leak vulnerabilities that can lead to memory exhaustion/DoS. The initial entry notes third parties could not reproduce the issue. Connected advisories reference LibTIFF-related CVEs and indicate that fixes exist in la...
CVE-2010-2962
The CVE-2010-2962 issue affects the Intel i915 DRM GEM in the Linux kernel prior to 2.6.36. It arises from insufficient validation of pointers to memory blocks in i915_gem.c, enabling local users to write to kernel memory via crafted ioctl usage (pwrite/pread) and potentially gain privileges.
CVE-2010-3296
CVE-2010-3296 affects the Linux kernel driver cxgb3 (cxgb_extension_ioctl in drivers/net/cxgb3/cxgb3_main.c). The advisory states that the code path in kernels up to 2.6.36-rc5 does not properly initialize a structure member, allowing a local user to potentially read sensitive data from kernel st...
CVE-2010-3442
Technical details for CVE-2010-3442 are not publicly provided in the connected documents. The sources reference the CVE and affected kernel versions but do not describe exploitability, impact specifics, or fixes. Monitor for vendor advisories and updates.
CVE-2012-3967
CVE-2012-3967 is a Firefox/WebGL vulnerability on Linux where the WebGL implementation fails to interact correctly with Mesa drivers when a large number of sampler uniforms are used. This can let remote attackers execute arbitrary code or cause a denial of service (stack memory corruption) via a ...
CVE-2014-3601
CVE-2014-3601 is a Linux kernel/KVM issue affecting the kvm_iommu_map_pages function in virt/kvm/iommu.c up to kernel 3.16.1. The vulnerability arises from miscalculating the number of pages during a mapping failure, allowing a guest OS user to trigger either host memory corruption (denial of ser...
CVE-2017-13084
CVE-2017-13084 describes a vulnerability in WPA/WPA2 where the Station-To-Station-Link (STK) key can be reinstalled during the PeerKey handshake. An attacker within wireless range may replay, decrypt, or spoof frames by exploiting STSL STK reinstallation. Public sources confirm this as part of th...
CVE-2012-3992
CVE-2012-3992 affects Mozilla Firefox (and related Firefox-based apps) where history data is not properly handled. The flaw lets remote attackers perform cross-site scripting (XSS) or obtain sensitive POST content via a location.hash write operation combined with history navigation that loads a U...
CVE-2013-0747
Technical details for CVE-2013-0747 are not publicly provided in the supplied documents. Monitor for updates.