474 matches found
CVE-2010-3298
CVE-2010-3298 affects the Linux kernel. The hso_get_count function in drivers/net/usb/hso.c, in kernel builds before 2.6.36-rc5, does not initialize a certain structure member, which allows local users to read potentially sensitive information from kernel stack memory via the TIOCGICOUNT ioctl. T...
CVE-2015-8926
CVE-2015-8926 affects libarchive, where the function archive_read_format_rar_read_data in the RAR parser can be triggered by a specially crafted RAR file to cause a crash (denial of service). The initial description notes this as a vulnerability in libarchive prior to 3.2.0. Connected sources cor...
CVE-2012-4182
CVE-2012-4182 is a Use-after-free in Mozilla Firefox’s nsTextEditRules::WillInsert, affecting Firefox <= 16.0 and Firefox ESR <= 10.x <= 10.0.8, Thunderbird <= 16.0 and ESR 10.x <= 10.0.8, and SeaMonkey
CVE-2012-4215
CVE-2012-4215 is a use-after-free in Mozilla Firefox’s nsPlaintextEditor::FireClipboardEvent that could allow remote code execution or a heap memory corruption, affecting Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before...
CVE-2012-4216
CVE-2012-4216 is a use-after-free in gfxFont::GetFontEntry affecting Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14. Exploitation could lead to remote code execution or a denial of service via h...
CVE-2014-3469
CVE-2014-3469 affects GNU libtasn1 before 3.6, where the functions asn1_read_value_type and asn1_read_value may dereference a NULL ivalue. In this context, crafted ASN.1 data can trigger a NULL pointer dereference in the library, leading to a denial of service (crash). The vulnerability is noted ...
CVE-2015-5041
CVE-2015-5041 : IBM J9 JVM flaw in IBM SDK, Java Technology Edition allows remote attackers to invoke non-public interface methods, potentially exposing sensitive data or allowing data injection. Affected IBM Java versions: 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 bef...
CVE-2015-8930
CVE-2015-8930 affects libarchive’s ISO parser (bsdtar) and can cause a denial-of-service via an infinite loop when opening a crafted ISO with a directory that is a member of itself. The available connected documents show this vulnerability across multiple advisories and platforms, indicating it i...
CVE-2009-1186
CVE-2009-1186 affects udev prior to version 1.4.1, where a buffer overflow in util_path_encode in udev/lib/libudev-util.c can be triggered by crafted arguments, enabling a local denial of service. Public reports tie this with the same issue as CVE-2009-1185/1186; multiple advisories (Mandriva, Ma...
CVE-2012-5833
CVE-2012-5833 concerns WebGL texImage2D handling in Mozilla Firefox (and related Gecko-based products) that interacts with Mesa drivers. The vulnerability can allow remote code execution or a denial of service (memory corruption) via certain level parameter values. Affected versions include Firef...
CVE-2015-2695
CVE-2015-2695 affects MIT Kerberos 5 (krb5) where the krb5 GSS-API SPNEGO mechanism mishandles a context, relying on an inappropriate context handle. This can enable a remote attacker to cause a denial of service via a crafted gss_inquire_context call on a partially-established SPNEGO context, le...
CVE-2015-2696
MIT Kerberos 5 (krb5) vulnerability CVE-2015-2696 arises from an inappropriate context handle in iakerb.c, enabling remote denial of service via crafted IAKERB packets during gss_inquire_context. IBM CP4S remediation in the connected materials shows affected Cloud Pak for Security versions 1.8.0....
CVE-2009-1961
CVE-2009-1961 is a local-denial-of-service vulnerability in the Linux kernel related to the inode double-locking path in fs/ocfs2/file.c. A sequence of splice system calls can deadlock between generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write, preventing file creation/remov...
CVE-2010-2478
CVE-2010-2478: The Linux kernel before 2.6.33.7 on 32-bit platforms has an integer overflow in ethtool_get_rxnfc(), triggered by a large info.rule_cnt via ETHTOOL_GRXCLSRLALL. Local users can cause a denial of service or potentially other impact (as described in the connected Mirage/Linux advisor...
CVE-2012-5835
CVE-2012-5835 describes an integer overflow in the WebGL subsystem of Mozilla Firefox prior to 17.0 (also affecting Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0 and Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14). The overflow can lead to remote code execution or a den...
CVE-2021-32000
CVE-2021-32000 is a local privilege issue in the clone-master-clean-up.sh script of the clone-master-clean-up utility. A UNIX symlink following vulnerability could allow local attackers to delete arbitrary files on SUSE Linux Enterprise Server 12 SP3 (1.6-4.6.1 and earlier) and 15 SP1 (1.6-3.9.1 ...
CVE-2010-3782
CVE-2010-3782 affects obs-server prior to 1.7.7, where a bug in the REST API implementation allows login by 'unconfirmed' accounts. This exposes unauthorized access through the authentication flow. The practical impact is limited to systems running affected obs-server versions and relying on unco...
CVE-2012-3956
CVE-2012-3956 is a use-after-free in MediaStreamGraphThreadRunnable::Run in Mozilla Firefox before 15.0 (and similar affected versions for Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0/ESR 10.x before 10.0.7, SeaMonkey before 2.12). Successful exploitation could allow remote attackers t...
CVE-2012-3968
CVE-2012-3968 is a use-after-free in Firefox’s WebGL implementation related to deletion of a fragment shader by its accessor. The issue allows remote attackers to execute arbitrary code via crafted web content. Affected products include Mozilla Firefox (and Firefox ESR 10.x lineage) prior to patc...
CVE-2012-5838
CVE-2012-5838 affects the WebGL copyTexImage2D in Mozilla Firefox (<17.0), Thunderbird (<17.0), and SeaMonkey (
CVE-2013-0771
CVE-2013-0771 describes a heap-based buffer overflow in Mozilla Firefox’s gfxTextRun::ShrinkToLigatureBoundaries, affecting Firefox before 18.0 (and ESR 17.x before 17.0.1), Thunderbird before 17.0.2 (and ESR 17.x before 17.0.1), and SeaMonkey before 2.15. Successful exploitation via a crafted do...
CVE-2012-5840
CVE-2012-5840 is a Use-after-free vulnerability in Mozilla Firefox’s nsTextEditorState::PrepareEditor, affecting Firefox prior to 17.0, Firefox ESR 10.x prior to 10.0.11, Thunderbird prior to 17.0, Thunderbird ESR 10.x prior to 10.0.11, and SeaMonkey prior to 2.14. The flaw allows remote attacker...
CVE-2015-0484
CVE-2015-0484 affects Oracle Java SE 7u76, 8u40 and JavaFX 2.2.76. The Initial Description notes an unspecified vulnerability with unknown vectors impacting confidentiality, integrity, and availability. Connected documents confirm this CVE is bundled with multiple Java vulnerabilities and show se...
CVE-2016-4957
ntpd (NTP) before version 4.2.8p8 is vulnerable to a remote DoS via specially crafted crypto-NAK packets, causing ntpd to crash. This issue stems from an incorrect fix applied after CVE-2016-1547 and affects ntpd’s handling of CRYPTO-NAK. Public references indicate an impact to the daemon’s avail...
CVE-2009-2472
Affected software: Mozilla Firefox before 3.0.12 (as per CVE-2009-2472). Issue: during object construction, Firefox did not always use XPCCrossOriginWrapper, allowing bypass of the Same Origin Policy and enabling cross-site scripting (XSS) via a crafted document. Impact: potential XSS vulnerabili...
CVE-2011-3970
CVE-2011-3970 affects libxslt as used in Google Chrome prior to 17.0.963.46, enabling a remote attacker to cause a denial of service via an out-of-bounds read (vectors not specified in the entry). The issue has been addressed in downstream advisories and Chrome updates; Chrome/SUSE/Fedora advisor...
CVE-2013-2021
The CVE-2013-2021 issue affects ClamAV up to version 0.97.7, where pdf.c mishandles a crafted length in encrypted PDF files, causing an out-of-bounds read and potential denial of service. Public advisories within the connected documents corroborate fixes tied to ClamAV 0.97.8 and later. Affected ...
CVE-2015-0492
CVE-2015-0492 is an unspecified vulnerability in Oracle Java SE 7u76, 8u40, and JavaFX 2.2.76 that could affect confidentiality, integrity, and availability via unknown vectors. Connected sources confirm this CVE was addressed by OpenJDK/OpenJRE/JDK security updates in openSUSE/SUSE advisories (e...
CVE-2011-3439
CVE-2011-3439 affects FreeType in CoreGraphics on Apple iOS prior to 5.0.1. An attacker could craft a font in a document to trigger memory corruption, enabling remote code execution or a denial of service. Affected component: FreeType/CoreGraphics; impact: code execution and memory corruption. Re...
CVE-2012-5839
CVE-2012-5839 is a heap-based buffer overflow in Mozilla's gfxShapedWord::CompressedGlyph::IsClusterStart that affects Firefox and related Mozilla components. Affected software includes Mozilla Firefox before 17.0 (and ESR 10.x before 10.0.11), Thunderbird before 17.0 (and ESR 10.x before 10.0.11...
CVE-2024-46955
CVE-2024-46955 : Ghostscript contains an out-of-bounds read in psi/zcolor.c when reading color in Indexed color space, before version 10.04.0. Impact is a local issue with user interaction required (per CVSS details: AV:L, UI:R, Availability:A:H). The fix is indicated by the ghostpdl-10.04.0 comm...
CVE-2014-9853
CVE-2014-9853 : In ImageMagick, a memory leak in the coders/rle.c parser can be triggered by a crafted RLE file, enabling remote attackers to cause a denial of service via memory consumption. The available documents confirm ImageMagick and the rle.c component as the affected codepath; no version ...
CVE-2012-4196
CVE-2012-4196 affects Mozilla Firefox (and related Mozilla components) where a prototype property-injection attack on the Location object (window.location) bypassed Same Origin Policy. Affected are Firefox prior to 16.0.2, Firefox ESR 10.x prior to 10.0.10, Thunderbird prior to 16.0.2, Thunderbir...
CVE-2013-5610
CVE-2013-5610 is a memory-corruption vulnerability in the Mozilla Firefox browser engine (pre-26.0) and SeaMonkey (pre-2.23) with potential remote code execution via unknown vectors and denial of service. Public advisories (e.g., openSUSE/MFSA entries) indicate fixes are available by upgrading Fi...
CVE-2014-6564
CVE-2014-6564 affects Oracle MySQL Server 5.6.19 and earlier. Described as an unspecified vulnerability that allows remote authenticated users to affect availability via INNODB FULLTEXT SEARCH DML vectors. Connected sources confirm affected product/version and impact focus on availability; no exp...
CVE-2012-4179
CVE-2012-4179 is a use-after-free in Mozilla Firefox's nsHTMLCSSUtils::CreateCSSPropertyTxn that can lead to code execution or heap memory corruption. Affected are Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey befor...
CVE-2012-4183
CVE-2012-4183 is a use-after-free in DOMSVGTests::GetRequiredFeatures affecting Firefox before 16.0, Firefox ESR before 10.0.8, Thunderbird before 16.0, and SeaMonkey before 2.13, with potential for remote code execution or a denial of service via heap memory corruption. Connected advisories from...
CVE-2012-4184
CVE-2012-4184 affects Mozilla's COW in Firefox (and related Mozilla products) prior to version 16.0 (Firefox), ESR 10.x prior to 10.0.8, Thunderbird prior to 16.0, Thunderbird ESR 10.x prior to 10.0.8, and SeaMonkey prior to 2.13. The issue allows a crafted web site to bypass restrictions and acc...
CVE-2012-3963
CVE-2012-3963 is a Use-after-free in Mozilla Firefox's js::gc::MapAllocToTraceKind that can allow remote code execution. Affected: Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, SeaMonkey before 2.12. Mitigation: upgrade to Firefo...
CVE-2012-4193
CVE-2012-4193 affects Mozilla Firefox and related Mozilla products (Firefox before 16.0.1, Firefox ESR before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR before 10.0.9, SeaMonkey before 2.13.1). Root cause: a security check in the defaultValue unwrapping of security wrappers is omitted, al...
CVE-2015-8925
CVE-2015-8925 affects libarchive (before 3.2.0). A denial of service can be triggered by processing a crafted mtree file due to an invalid memory read in read_mtree. Affected products include libarchive in various distributions; remediation is to upgrade to a fixed libarchive version as provided ...
CVE-2009-0115
CVE-2009-0115 affects the device-mapper-multipath tool (multipath-tools) version 0.4.8 used in multiple Linux distributions (SUSE openSUSE, SLES, Fedora, etc.). The underlying issue is world-writable permissions on the socket file /var/run/multipathd.sock, which allows a local user to send arbitr...
CVE-2010-0013
CVE-2010-0013 affects Pidgin (libpurple) via the MSN protocol plugin, specifically the slp.c code path handling custom smiley requests. A directory traversal vulnerability in an MSN emoticon request (.. in filename) could allow remote attackers to read arbitrary files on the affected host. Root c...
CVE-2012-5843
CVE-2012-5843 affects Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14. The vulnerability is described as unspecified memory safety hazards in the browser engine that could lead to memory corruption and a crash (DoS) or, potentially, arbitrary code execution via unk...
CVE-2008-0063
CVE-2008-0063 affects MIT Kerberos 5 (krb5kdc) where Kerberos v4 support leaves an unused buffer uncleared when generating error messages. This can allow remote attackers to read sensitive information from memory. Public advisories across multiple vendors (e.g., MiracleLinux AXSA-2008-345/AXSA-20...
CVE-2023-23005
The CVE-2023-23005 issue affects the Linux kernel prior to 6.2. It occurs in mm/memory-tiers.c where alloc_memory_type is misinterpreted (treating an error pointer as NULL in the error case), potentially enabling an availability impact. The root cause is the incorrect handling of the alloc_memory...
CVE-2014-9854
CVE-2014-9854 affects ImageMagick, specifically the tiff coder (coders/tiff.c). The vulnerability allows remote attackers to cause an application crash (DoS) via vectors related to image identification. The supplied connected documents confirm the existence of this CVE within ImageMagick and desc...
CVE-2008-1945
CVE-2008-1945 is documented in multiple advisories linked to QEMU 0.9.0 used within MiracleLinux/Xen deployments. The vulnerability arises when a guest OS alters the removable media header via the -usbdevice diskformat option, enabling the guest to read arbitrary files from the host by identifyin...
CVE-2012-4217
CVE-2012-4217 is a use-after-free in Mozilla Firefox <17.0, Thunderbird <17.0, and SeaMonkey
CVE-2014-1494
CVE-2014-1494 concerns multiple memory-safety vulnerabilities in the browser engine of Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25, with remote denial of service or potential arbitrary code execution via unknown vectors. The connected docs confirm that these issues are part of MFSA ...