296 matches found
CVE-2014-0198
The connected F5 advisory confirms CVE-2014-0198: the do_ssl3_write function in OpenSSL 1.x (up to 1.0.1g) with SSL_MODE_RELEASE_BUFFERS enabled can trigger a denial-of-service via a NULL pointer dereference in certain recursive alert paths. Impact is remote DoS; no exploitation details are provi...
CVE-2015-0272
CVE-2015-0272 affects GNOME NetworkManager and allows remote denial of service via a crafted MTU value in IPv6 Router Advertisement messages. Public advisories (IBM PowerKVM bulletin and CentOS/Ubuntu/Debian disclosures) show patches and updated NetworkManager packages to fix the issue; remediati...
CVE-2015-2734
CVE-2015-2734 details (mode C): The vulnerability affects Mozilla Firefox (Direct3D 9 implementation) in Windows builds prior to 39.0, Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1, and Thunderbird prior to 38.1. The underlying issue is reading data from uninitialized memory locations in ...
CVE-2015-8776
The CVE-2015-8776 issue affects the GNU C Library (glibc) strftime() function. The vulnerability, present in glibc versions before 2.23, allows context-dependent attackers to cause a denial of service (application crash) and, in some disclosures, potentially obtain sensitive information via out-o...
CVE-2013-0754
CVE-2013-0754 is a use-after-free in the ListenerManager of Mozilla Firefox (and related Firefox ESR, Thunderbird, SeaMonkey). According to the description, triggering garbage collection after memory allocation for listener objects can allow a remote attacker to execute arbitrary code. Affected p...
CVE-2014-9585
CVE-2014-9585 affects Linux kernels up to 3.18.2. The vdso_addr code in arch/x86/vdso/vma.c can misselect vDSO memory, enabling local users to bypass ASLR by guessing a PMD-end location. Exploitation details and patches/fixes are not provided in the connected documents; monitor advisories for rem...
CVE-2015-2738
CVE-2015-2738 affects Mozilla Firefox (before 39.0; ESR 31.x before 31.8 and 38.x before 38.1) and Thunderbird (before 38.1). The issue is a read from uninitialized memory in YCbCrImageDataDeserializer::ToDataSourceSurface, with unspecified impact and attack vectors. No remediation details are pr...
CVE-2013-0750
CVE-2013-0750 is a high-severity vulnerability in Mozilla’s JavaScript engine where an integer overflow during string concatenation can lead to heap-based memory corruption and remote code execution. Affected products include Firefox prior to 18.0 (and ESR branches), Thunderbird prior to 17.0.2, ...
CVE-2015-0433
The CVE-2015-0433 entry concerns an unspecified vulnerability in Oracle MySQL Server (affected versions: 5.5.41 and earlier; 5.6.22 and earlier) that could allow remote authenticated users to affect availability via InnoDB : DML. Connected advisories from Debian, CentOS, Gentoo, and IBM/Tivoli sh...
CVE-2015-2573
CVE-2015-2573 is an unspecified vulnerability in Oracle MySQL Server (affecting 5.5.41 and earlier; 5.6.22 and earlier) that could allow remote authenticated users to affect availability via DDL-related vectors. The connected documents confirm this CVE appears in multiple security advisories acro...
CVE-2013-0757
CVE-2013-0757 affects Mozilla Firefox (and related Mozilla-based apps) via a Chrome Object Wrapper (COW) bypass that allows changing the prototype of an object, enabling arbitrary code execution with chrome privileges. The SUSE/openSUSE and Gentoo/Nessus summaries map this to MFSA 2013-14 and lis...
CVE-2015-2568
CVE-2015-2568 affects Oracle MySQL Server 5.5.41 and earlier and 5.6.22 and earlier. The vulnerability is described as unspecified with impact to availability, due to issues in the Server : Security : Privileges area. The provided sources indicate a remote attacker could cause a denial of service...
CVE-2012-1970
CVE-2012-1970 affects Mozilla Firefox before 15.0, Thunderbird before 15.0, ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The issue stems from multiple unspecified vulnerabilities in the browser engine that can allow remote attackers to cause memory corruption and application crashes or pote...
CVE-2014-3673
The vulnerability CVE-2014-3673 affects the SCTP implementation in the Linux kernel up to version 3.17.2. A malformed ASCONF chunk can be sent by a remote attacker to trigger a denial of service (system crash). Affected components are net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. Remediat...
CVE-2014-9761
The CVE-2014-9761 issue affects the GNU C Library (glibc) prior to 2.23. It involves stack-based buffer overflows in the nan, nanf, and nanl functions caused by long arguments, which could lead to denial of service or potentially arbitrary code execution. Mitigation in the provided documents reco...
CVE-2013-0748
CVE-2013-0748 affects Mozilla Firefox (before 18.0 and ESR 10.x before 10.0.12, and 17.x before 17.0.2), Thunderbird (before 17.0.2, ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The flaw is in XBL.proto .toString, where calling toString on an XBL object can leak a...
CVE-2015-3209
CVE-2015-3209 : Heap-based buffer overflow in the QEMU PCNET network device allows remote code execution via crafted packet sequences (TXSTATUS_STARTPACKET then TXSTATUS_DEVICEOWNS). This is a QEMU vulnerability discussed in multiple advisories (notably Arista/Security Advisory 0013 and F5/Multi-...
CVE-2014-3690
CVE-2014-3690 affects arch/x86/kvm/vmx.c in the Linux kernel’s KVM subsystem on Intel, where the CR4 control register value may not be preserved across VM entries. The vendor-provided details in connected Nessus advisories describe a local attacker with access to /dev/kvm who can kill arbitrary p...
CVE-2010-2753
CVE-2010-2753 affects Mozilla Firefox (3.5.x before 3.5.11; 3.6.x before 3.6.7), Thunderbird (3.0.x before 3.0.6; 3.1.x before 3.1.1), and SeaMonkey before 2.0.6. Root cause: integer overflow in the XUL tree selection attribute can trigger a use-after-free when handling a large selection in a XUL...
CVE-2012-1976
CVE-2012-1976 refers to a Use-after-free in Mozilla Firefox’s nsHTMLSelectElement::SubmitNamesValues. Affected products include Firefox before 15.0, Firefox ESR before 10.0.7 (10.x), Thunderbird before 15.0, Thunderbird ESR before 10.0.7, and SeaMonkey before 2.12. Impact per the description is r...
CVE-2013-0800
CVE-2013-0800 : An integer signedness error in the pixman_fill_sse2 function (pixman-sse2.c) used by Cairo and shipped with Mozilla Firefox and related products allows a remote attacker to trigger an out-of-bounds write via crafted values (negative box boundary or negative box size). This affects...
CVE-2014-8160
CVE-2014-8160 : In the Linux kernel, net/netfilter/nf_conntrack_proto_generic.c before 3.18 generates incorrect conntrack entries when handling certain iptables rule sets for SCTP, DCCP, GRE, and UDP-Lite. This can allow remote attackers to bypass intended access restrictions by sending packets w...
CVE-2015-2575
CVE-2015-2575 is described in connected docs as an unspecified vulnerability in Oracle MySQL Connector/J (MySQL Connectors component) affecting MySQL 5.1.34 and earlier, allowing remote authenticated users to affect confidentiality and integrity via unknown vectors. The connected materials do not...
CVE-2014-4258
CVE-2014-4258 affects the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier, enabling remote authenticated users to impact confidentiality, integrity, and availability via SRINFOSC. Contained in multiple advisories; mitigations include upgrading MariaDB/Mysql-relate...
CVE-2012-1972
CVE-2012-1972 is a use-after-free in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox, with remote code execution/denial of service via heap memory corruption. Affected products/versions include Firefox prior to 15.0, Firefox ESR 10.x prior to 10.0.7, and Thunderbird prior ...
CVE-2013-0744
CVE-2013-0744 is a use-after-free in the TableBackgroundPainter::TableBackgroundData::Destroy function of Mozilla Firefox prior to 18.0 (and Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2), Thunderbird prior to 17.0.2/ESR 10.x before 10.0.12/17.x before 17.0.2, and SeaMonkey prior to 2.15...
CVE-2016-0642
CVE-2016-0642 affects Oracle MySQL Server releases prior to 5.5.49/5.6.30/5.7.x (as cited in multiple advisories). Description: an unspecified vulnerability in the Federated component may lead to integrity and availability impact for local users. Connected sources confirm affected versions (5.5.4...
CVE-2013-0746
CVE-2013-0746 affects Mozilla products including Firefox (before 18.0), Firefox ESR (before 10.0.12 and 17.x before 17.0.2), Thunderbird (before 17.0.2, and ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The issue is a quickstubs/jsval return-value handling flaw tha...
CVE-2016-2782
CVE-2016-2782 : In the Linux kernel, the treo_attach function in drivers/usb/serial/visor.c (pre-4.5) can be exploited by a physically proximate attacker who inserts a USB device missing a bulk-in or interrupt-in endpoint, causing a NULL pointer dereference and kernel crash (DoS) or possibly othe...
CVE-2010-3876
CVE-2010-3876 affects the Linux kernel: the code path net/packet/af_packet.c in kernel versions before 2.6.37-rc2 does not properly initialize certain structure members, allowing local users with CAP_NET_RAW to read copies of the applicable structures from kernel stack memory. Publicly document d...
CVE-2010-4158
The CVE-2010-4158 issue affects the Linux kernel (pre-2.6.36.2) where sk_run_filter in net/core/filter.c may execute BPF_S_LD_MEM or BPF_S_LDX_MEM before a memory location is initialized. This can allow local users to read potentially sensitive kernel stack memory via a crafted socket filter. The...
CVE-2014-3687
The provided materials confirm CVE-2014-3687 affects the Linux kernel SCTP implementation (net/sctp/associola.c) up to version 3.17.2. The vulnerability allows remote attackers to cause a denial of service (panic) by sending duplicate ASCONF chunks, triggering an incorrect uncork within the side-...
CVE-2015-4830
CVE-2015-4830 corresponds to an unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier. The description states remote authenticated users can affect integrity via unknown vectors related to Server:Security:Privileges. Connected documents (F5/K59010802 advisory,...
CVE-2016-9398
CVE-2016-9398 affects JasPer: the jpc_floorlog2 function in jpc_math.c is vulnerable in versions before 1.900.17, allowing remote attackers to trigger a denial of service (assertion failure) via unspecified vectors. Connected documents confirm the affected component and impact; no remediation det...
CVE-2012-4194
The CVE-2012-4194 issue affects Mozilla Firefox and related Mozilla components where the valueOf shadowing of the location object (window.location) enables cross-site scripting via plugin vectors. Affected software and versions (stated in the provided sources) include: Mozilla Firefox before 16.0...
CVE-2015-0441
CVE-2015-0441 is an unspecified remote-authenticated vulnerability in Oracle MySQL Server 5.5.x (and earlier) affecting availability via unknown vectors in Server: Security: Encryption. Connected advisories confirm this CVE appears in multiple upstream/security notices and requires upgrading MySQ...
CVE-2016-4473
CVE-2016-4473 affects PHP Phar handling (phar_object.c); versions 7.0.7 and 5.6.x are impacted. A crafted Phar archive can trigger an invalid free in phar-compatible archive processing, enabling remote code execution. Debian security updates cite a patch (DLA-628-1) addressing this issue; other r...
CVE-2015-0501
CVE-2015-0501 is a MySQL Server vulnerability affecting 5.5.42 and earlier and 5.6.23 and earlier, where an unspecified issue in Server: Compiling could allow a remote authenticated user to disrupt availability. The connected documents confirm that exploitation details are not provided, and the a...
CVE-2015-8779
CVE-2015-8779 affects the GNU C Library (glibc). The vulnerability is a stack-based buffer overflow in the catopen() function when handling long catalog names, which can cause an application crash (DoS) or potentially allow arbitrary code execution. Affected products include glibc releases prior ...
CVE-2012-3960
CVE-2012-3960 is a use-after-free in mozSpellChecker::SetCurrentDictionary that affects Mozilla Firefox <15.0, Firefox ESR <10.0.7, Thunderbird <15.0 / ESR, and SeaMonkey
CVE-2010-4073
CVE-2010-4073 affects the Linux kernel IPC compatibility code: before 2.6.37-rc1, several compat syscall handlers (ipc/compat.c and ipc/compat_mq.c) fail to initialize certain structures, enabling local attackers to read potentially sensitive kernel stack memory via vectors in compat_sys_semctl, ...
CVE-2012-3972
CVE-2012-3972 affects the XSLT format-number functionality in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The vulnerability allows remote attackers to obtain sensitive information via unspecif...
CVE-2017-5898
CVE-2017-5898 affects Quick Emulator (QEMU) when built with CCID Card device emulator support. The vulnerability is an integer overflow in the emulated_apdu_from_guest function (usb/dev-smartcard-reader.c) that allows a local user to crash the QEMU host process by sending a large APDU unit, causi...
CVE-2012-0442
CVE-2012-0442 covers multiple memory-safety vulnerabilities in the Mozilla browser engine affecting Firefox before 3.6.26 and 4.x–9.0, Thunderbird before 3.1.18 and 5.0–9.0, and SeaMonkey before 2.7. The issues can cause memory corruption, application crashes, or potentially remote code execution...
CVE-2015-8778
CVE-2015-8778 affects the GNU C Library (glibc) prior to 2.23, where an integer/size argument in hcreate_r can trigger an out-of-bounds heap access, potentially causing denial of service or arbitrary code execution. Connected advisories detail that multiple products (notably glibc-containing pack...
CVE-2015-8866
CVE-2015-8866 describes a XXE/XEE vulnerability in PHP when using PHP-FPM, where libxml_disable_entity_loader changes are shared across threads, allowing crafted XML to exploit libxml. Affected versions include PHP prior to 5.5.22 and 5.6.x prior to 5.6.6; the issue stems from insufficient isolat...
CVE-2013-0755
CVE-2013-0755 refers to a use-after-free in the mozVibrate implementation of the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15. The vulnerability allows remote code execution...
CVE-2014-6469
CVE-2014-6469 is an unspecified vulnerability in Oracle MySQL Server affecting 5.5.39 and earlier and 5.6.20 and earlier, enabling remote authenticated users to affect availability via SERVER:OPTIMIZER. Connected advisories indicate remediation through upgrading MySQL to 5.5.40 or newer (e.g., De...
CVE-2012-3515
CVE-2012-3515 affects QEMU (as used in Xen 4.0/4.1) where emulating certain devices with a virtual console backend lets local guest OS users gain privileges via a crafted escape VT100 sequence that overwrites a device model’s address space. Connected documents confirm this CVE is included in mult...
CVE-2014-1489
Technical details for CVE-2014-1489 are not publicly available in the provided documents. Monitor for updates from vendors and vulnerability feeds.