296 matches found
CVE-2014-1489
Technical details for CVE-2014-1489 are not publicly available in the provided documents. Monitor for updates from vendors and vulnerability feeds.
CVE-2014-6568
CVE-2014-6568 is an Oracle MySQL/MariaDB vulnerability affecting InnoDB DML leading to potential availability impact in MySQL Server 5.5.x (<=5.5.40) and 5.6.x (
CVE-2013-0768
Technical details for CVE-2013-0768 are not publicly available in the provided documents. Monitor for updates.
CVE-2013-0760
CVE-2013-0760 describes a buffer overflow in Mozilla Firefox’s CharDistributionAnalysis::HandleOneChar, allowing remote code execution via a crafted document. Affected products per the description: Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15. Root cause is a memory c...
CVE-2014-2494
CVE-2014-2494 is an unspecified vulnerability in the MySQL/MariaDB MySQL Server component (affecting Oracle MySQL 5.5.37 and earlier) that can allow remote authenticated users to affect availability via vectors related to ENARC. Connected sources also tie this CVE to MariaDB advisories and tracke...
CVE-2007-6427
CVE-2007-6427 affects the X.Org Xserver (XInput-Misc extension) prior to version 1.4.1. The root cause is missing input sanitising within the XInput‑Misc code, which can lead to local privilege escalation. In public advisories, this is described as a vulnerability in the XInput‑Misc path that all...
CVE-2012-0449
CVE-2012-0449 affects Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7. Description: remote attackers can cause memory corruption and application crash, or possibly execute arbitrary code via a malformed XSLT stylesheet emb...
CVE-2013-0749
CVE-2013-0749 describes multiple unspecified vulnerabilities in the Mozilla Firefox browser engine (before 18.0) and related products (Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2 and ESR 17.x before 17.0.1, SeaMonkey before 2.15). The description states that remote attackers could c...
CVE-2015-8934
CVE-2015-8934 affects libarchive up to version 3.2.0, with a flaw in copy_from_lzss_window inside archive_read_support_format_rar.c that can trigger an out-of-bounds heap read via a crafted RAR file, leading to denial of service. Public advisories from multiple vendors describe this as part of a ...
CVE-2011-3659
CVE-2011-3659 is a use-after-free in Mozilla Firefox (before 3.6.26 and 4.x through 9.0), Thunderbird (before 3.1.18 and 5.0 through 9.0), and SeaMonkey (before 2.7). The root cause is premature notification of AttributeChildRemoved that affects access to removed nsDOMAttribute child nodes, enabl...
CVE-2015-0505
CVE-2015-0505 affects Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier. An unspecified remote-authenticated vulnerability related to Data Definition Language (DDL) operations could cause a denial of service. Impact is limited to availability (partial). The public description does no...
CVE-2010-3850
CVE-2010-3850: In the Linux kernel, the ec_dev_ioctl function in net/econet/af_econet.c did not require CAP_NET_ADMIN, allowing local users to bypass access restrictions and configure econet addresses via an SIOCSIFADDR ioctl. Documented impact is local privilege/unauthorized configuration; fix a...
CVE-2010-4081
CVE-2010-4081 affects the Linux kernel (sound/pci/rme9652/hdspm.c: snd_hdspm_hwdep_ioctl). The root cause is failure to initialize a structure, enabling local users to read potentially sensitive kernel stack memory via SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO. Affected: kernel versions prior to 2.6.36-r...
CVE-2013-0761
CVE-2013-0761 is a use-after-free vulnerability in Firefox’s mozilla::TrackUnionStream::EndTrack that could allow remote code execution or a denial of service via heap memory corruption. Affected products include Firefox before 18.0 (and ESR 17.x before 17.0.1), Thunderbird before 17.0.2 (and ESR...
CVE-2014-4260
CVE-2014-4260 is reported in MariaDB/MySQL contexts as an unspecified vulnerability in the MySQL Server component (SRCHAR vectors) that allows remote authenticated users to affect integrity and availability. Public details in the connected documents indicate MariaDB versions prior to 5.5.38 are a...
CVE-2014-6551
CVE-2014-6551 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier. The connected document notes an unspecified local vulnerability that allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. No explicit root cause detail or exploit information is ...
CVE-2015-2571
CVE-2015-2571 affects Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier. It is an unspecified vulnerability in the Server: Optimizer that could allow remote authenticated users to cause a denial of service via unknown vectors. Exploitation details are not provided in the supplied docu...
CVE-2014-1488
CVE-2014-1488 affects Mozilla Firefox < 27.0 and SeaMonkey
CVE-2016-0651
CVE-2016-0651 is described in connected documents as an unspecified vulnerability in Oracle MySQL Server (5.5.46 and earlier) affecting the Optimizer subcomponent that can allow local users to impact availability. The available sources identify affected product as Oracle MySQL Server and the impa...
CVE-2012-4214
CVE-2012-4214 is a use-after-free in Mozilla Firefox’s nsTextEditorState::PrepareEditor, affecting Firefox before 17.0 and ESR 10.x before 10.0.11, Thunderbird before 17.0/ESR 10.x before 10.0.11, and SeaMonkey before 2.14. The vulnerability can allow remote attackers to execute arbitrary code or...
CVE-2014-6559
CVE-2014-6559 affects Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier. The vulnerability is described as unspecified with respect to C API SSL CERTIFICATE HANDLING and could allow remote attackers to obtain confidential information (partial confidentiality impact). No exploit detai...
CVE-2015-0374
CVE-2015-0374 is a MySQL/MariaDB server vulnerability impacting confidentiality via unknown vectors in Foreign Key handling. Affected products and versions include Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier (and MariaDB/forked releases in corresponding lines). Public advisories...
CVE-2015-5154
CVE-2015-5154 is a heap-based buffer overflow in QEMU’s IDE subsystem (ATAPI handling). A privileged guest with a CDROM drive enabled could potentially execute arbitrary host code via crafted ATAPI I/O. Public docs specify this as a host-attack surface when CD-ROM access is present; Debian securi...
CVE-2010-3067
CVE-2010-3067 affects the Linux kernel: an integer overflow in do_io_submit (fs/aio.c) in versions before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly other impact via crafted io_submit usage. The vulnerability is rooted in improper handling within the io_s...
CVE-2012-3959
CVE-2012-3959 describes a use-after-free in Mozilla Firefox’s nsRangeUpdater::SelAdjDeleteNode, affecting Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The vulnerability allows remote attackers to execu...
CVE-2012-4207
CVE-2012-4207 affects Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0 / ESR 10.x, and SeaMonkey before 2.14. The flaw in the HZ-GB-2312 charset implementation allows remote attackers to perform cross-site scripting (XSS) via a crafted document, due to imprope...
CVE-2013-0745
This CVE (CVE-2013-0745) affects Mozilla Firefox prior to 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15. It is caused by the AutoWrapperChanger not interacting correctly with garbage collection, enabling remote code ...
CVE-2013-0764
CVE-2013-0764 affects Mozilla Firefox (before 18.0), Firefox ESR (before 17.0.2), Thunderbird (before 17.0.2 and ESR 17.x before 17.0.2), and SeaMonkey (before 2.15). The vulnerability is a thread-safety issue in nsSOCKSSocketInfo::ConnectToProxy that can allow remote code execution through craft...
CVE-2015-5239
CVE-2015-5239 : QEMU’s VNC display driver is vulnerable to an integer overflow in the vnc_client_read()/protocol_client_msg() paths when processing a CLIENT_CUT_TEXT message, which can cause an infinite loop and crash the QEMU process. Affected products include QEMU with the VNC display driver pr...
CVE-2013-5612
CVE-2013-5612 is a cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 due to the absence of a charset parameter in the Content-Type header. Connected advisories confirm Firefox/SeaMonkey fixes in 2013–2014 releases (e.g., openSUSE SU-2013:1917, Mirac...
CVE-2015-0391
CVE-2015-0391 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier, with remote authenticated access able to affect availability via DDL-related vectors. Connected advisories confirm MariaDB/Mysql contexts and list affected versions; RHSA-2015:0117 remediation upgrades MariaDB to...
CVE-2012-4201
CVE-2012-4201 is a concrete Firefox/XULRunner/Thunderbird/SeaMonkey vulnerability: the evalInSandbox path mishandles the context when processing JavaScript that sets location.href, enabling remote XSS or read access to arbitrary files via a sandboxed add-on. Affected software includes Mozilla Fir...
CVE-2012-4202
CVE-2012-4202 describes a heap-based buffer overflow in Firefox’s image::RasterImage::DrawFrameTo, exploitable via a crafted GIF image to execute arbitrary code. Affected products include Mozilla Firefox before 17.0, Firefox ESR before 10.0.11 (10.x), Thunderbird before 17.0, Thunderbird ESR befo...
CVE-2012-5842
CVE-2012-5842 is a Mozilla Firefox browser engine vulnerability described as multiple unspecified vulnerabilities that can cause memory corruption leading to a crash or possibly remote code execution. Affected products/versions per description: Mozilla Firefox before 17.0, Firefox ESR 10.x before...
CVE-2014-1947
CVE-2014-1947, 2014-1958, and 2014-2030 describe stack-based buffer overflows in ImageMagick’s PSD handling (psd.c): WritePSDImage and DecodePSDPixels functions are implicated. 1947 targets WritePSDImage in ImageMagick 6.5.4 and earlier, enabling potential denial of service or remote code executi...
CVE-2014-3467
GNUTLS/library libtasn1 vulnerability CVE-2014-3467 is due to multiple issues in the DER decoder of GNU Libtasn1 up to version 3.5.x (pre-3.6), exploited by crafted ASN.1 data to cause a denial of service via out-of-bounds read. The issue is confirmed in multiple advisories (F5 SOL15423, ALAS-201...
CVE-2015-0382
CVE-2015-0382 is a remote-availability vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier, related to Server: Replication, separate from CVE-2015-0381. The connected advisories show multiple vendors/types referencing MySQL/MariaDB vulnerabilities with potential DoS or ...
CVE-2012-5836
CVE-2012-5836 affects Mozilla Firefox (before 17.0), Mozilla Thunderbird (before 17.0), and SeaMonkey (before 2.14). The issue can allow remote code execution or an application crash when CSS properties are combined with SVG text, due to the root cause described by MFSA 2012-94. Public advisories...
CVE-2014-6520
CVE-2014-6520 affects Oracle MySQL Server 5.5.38 and earlier. The vulnerability is described as unspecified and allows remote authenticated users to affect availability via vectors related to SERVER:DDL; impact is noted as partial availability. Connected sources list this CVE among MariaDB/MySQL-...
CVE-2014-6530
CVE-2014-6530 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier via CLIENT:MYSQLDUMP. Connected advisories reference CVE-2014-6530 and indicate remediation through upgrading MariaDB/MySQL components to fixed versions (e.g., MariaDB/MariaDB-Galera updates to 5.5.40 per RHSA adv...
CVE-2015-8551
CVE-2015-8551 affects the Xen PCI backend driver (pciback) when Xen runs on x86 with a Linux 3.1.x–4.3.x driver domain. The issue arises from missing sanity checks in XEN_PCI_OP_* operations, allowing a local guest administrator with access to a passed-through MSI/MSI-X PCI device to trigger BUG ...
CVE-2017-14804
Summary (CVE-2017-14804) : The vulnerability affects the build package prior to 20171128, which fails to validate directory names during extraction of build results, enabling writes outside the target buildroot. This is documented in multiple sources (OpenSUSE SUSE announcements, OSS updates, and...
CVE-2017-16232
CVE-2017-16232 affects LibTIFF 4.0.8, which is reported to have multiple memory‑leak vulnerabilities that can lead to memory exhaustion/DoS. The initial entry notes third parties could not reproduce the issue. Connected advisories reference LibTIFF-related CVEs and indicate that fixes exist in la...
CVE-2010-3442
Technical details for CVE-2010-3442 are not publicly provided in the connected documents. The sources reference the CVE and affected kernel versions but do not describe exploitability, impact specifics, or fixes. Monitor for vendor advisories and updates.
CVE-2012-3967
CVE-2012-3967 is a Firefox/WebGL vulnerability on Linux where the WebGL implementation fails to interact correctly with Mesa drivers when a large number of sampler uniforms are used. This can let remote attackers execute arbitrary code or cause a denial of service (stack memory corruption) via a ...
CVE-2013-0747
Technical details for CVE-2013-0747 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2013-3802
CVE-2013-3802 affects Oracle MySQL server up to specific versions: 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier. The vulnerability is described as unspecified and allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Connected ...
CVE-2015-0381
Technical details for CVE-2015-0381 are not publicly available in the provided documents. No specific affected products, versions, root cause, impact, or fixes are described here; monitor for updates.
CVE-2013-0752
Technical details for CVE-2013-0752 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2015-1931
CVE-2015-1931 affects IBM Java Security Components in IBM SDK, Java Technology Edition across multiple IBM Java releases. The issue arises from storing plaintext data in memory dumps, enabling local users to read sensitive information from memory dumps. Related IBM advisories (e.g., IBM Security ...