296 matches found
CVE-2014-6494
CVE-2014-6494 is an unspecified vulnerability in Oracle MySQL Server (affected: 5.5.39 and earlier; 5.6.20 and earlier) that can allow remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL. The IBM advisory lists the CVE among several issues affecting MySQL Server compon...
CVE-2015-0797
CVE-2015-0797 affects GStreamer up to 1.4.4 (GStreamer 1.4.x) when used by Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux. The flaw is a buffer over-read in H.264 video data processing in the GStreamer pipeline (m4v files) that can cause a denial o...
CVE-2015-1931
CVE-2015-1931 affects IBM Java Security Components in IBM SDK, Java Technology Edition across multiple IBM Java releases. The issue arises from storing plaintext data in memory dumps, enabling local users to read sensitive information from memory dumps. Related IBM advisories (e.g., IBM Security ...
CVE-2015-8567
CVE-2015-8567 describes a memory leak in the QEMU vmxnet3 device emulator (net/vmxnet3.c) that could allow a remote attacker to cause a denial of service via memory exhaustion. The vulnerability is part of multiple CVEs in QEMU; Debian security advisories report fixes in stable Jessie to version ...
CVE-2010-3437
The vulnerability CVE-2010-3437 affects the Linux kernel (before 2.6.36-rc6) in pkt_find_dev_from_minor within drivers/block/pktcdvd.c. A crafted index value passed via PKT_CTRL_CMD_STATUS ioctl can cause a signedness error, enabling local attackers to read kernel memory or trigger a crash (DoS)....
CVE-2010-3848
CVE-2010-3848 is a Linux kernel vulnerability: a stack-based buffer overflow in econet_sendmsg (net/econet/af_econet.c) when Econet is configured, caused by handling a large number of iovec structures. This allows local privilege escalation. The flaw affects Linux kernels before 2.6.36.2 and is a...
CVE-2010-4072
CVE-2010-4072 affects the Linux kernel: the copy_shmid_to_user function in ipc/shm.c (pre-2.6.37-rc1) does not initialize a certain structure, enabling local users to leak potentially sensitive information from kernel stack memory via the shmctl interface and the old shm interface. Affected produ...
CVE-2010-4157
CVE-2010-4157 involves an integer overflow in the Linux kernel’s GDTH SCSI driver (gdth_ioctl_alloc/ioc_general) on 64-bit platforms. A 32/64-bit mismatch when handling a large argument in an ioctl can cause memory corruption, enabling a local user to trigger a denial of service (and potentially ...
CVE-2012-4213
The CVE-2012-4213 issue is a concrete use-after-free vulnerability in Mozilla codepath: nsEditor::FindNextLeafNode affects Firefox and related products. Affected components per the initial description are Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14, with remote...
CVE-2012-5841
CVE-2012-5841 affects Mozilla Firefox (before 17.0), Firefox ESR (10.x before 10.0.11), Thunderbird (before 17.0), Thunderbird ESR (before 10.0.11) and SeaMonkey (before 2.14). The issue arises from cross-origin wrappers with a filtering behavior that fails to restrict write actions, enabling rem...
CVE-2013-0756
CVE-2013-0756 corresponds to a use-after-free in Mozilla Firefox’s obj_toSource path that can be triggered by a crafted web page referencing JavaScript Proxy objects, allowing remote code execution via standard web-visit attack vectors. Affected products include Firefox (pre-18.0), Firefox ESR 17...
CVE-2013-3812
CVE-2013-3812 affects Oracle MySQL Server prior to 5.5.31 and 5.6.11, where an unspecified vulnerability in Server Replication allows remote authenticated users to affect availability via unknown vectors. The information explicitly cites availability impact (PARTIAL) but vectors and root cause ar...
CVE-2013-5614
Affected software: Mozilla Firefox <= 25.x/26.0 and SeaMonkey
CVE-2014-1502
CVE-2014-1502 affects Mozilla Firefox (pre-28.0) and SeaMonkey (pre-2.25). The vulnerability arises in WebGL functions WebGL.compressedTexImage2D and WebGL.compressedTexSubImage2D, enabling remote attackers to bypass Same Origin Policy and render content from a different domain via unspecified ve...
CVE-2014-6464
CVE-2014-6464 is an unspecified vulnerability in Oracle MySQL Server affecting 5.5.39 and earlier and 5.6.20 and earlier, allowing remote authenticated users to affect availability via SERVER:INNODB DML FOREIGN KEYS. The CVSS Base Score is 4.0 (MEDIUM). Affected advisories and vendors indicate re...
CVE-2014-6496
CVE-2014-6496 affects Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier, via CLIENT:SSL:yaSSL, causing availability issues (remote, unauthenticated). Affects MySQL Server component CLIENT:SSL:yaSSL; root cause is unspecified in the provided text. Public details across connected source...
CVE-2014-6555
CVE-2014-6555 is a MySQL Server vulnerability (affecting 5.5.39 and earlier and 5.6.20 and earlier) that allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. The connected sources identify a package-wide remediation: upgrade t...
CVE-2016-2315
CVE-2016-2315 : Git before 2.7.4 contains an integer truncation/overrun in revision.c that can cause a heap-based buffer overflow when handling crafted path information (e.g., long filenames or many nested trees). This may allow remote code execution. A fix is to update Git to version 2.7.4 or la...
CVE-2016-2324
CVE-2016-2324 affects Git prior to 2.7.4. A heap-based buffer overflow is triggered by path-related inputs (e.g., long filenames or deeply nested trees), enabling remote code execution. Public advisories from Debian, Ubuntu, Arch, CentOS, and Cloud Foundry reference two related buffer-overflow vu...
CVE-2010-4083
CVE-2010-4083 affects the Linux kernel (pre-2.6.36). The vulnerable code path is copy_semid_to_user() in ipc/sem.c, where a structure is not initialized, enabling local attackers to leak kernel stack memory via semctl commands (IPC_INFO, SEM_INFO, IPC_STAT, SEM_STAT). The issue is mitigated by up...
CVE-2014-4207
CVE-2014-4207 is described as an unspecified vulnerability in the MySQL Server component affecting Oracle MySQL 5.5.37 and earlier, enabling remote authenticated users to impact availability via the SROPTZR vector. Connected sources map the issue to MariaDB/MariaDB Galera contexts as well, with r...
CVE-2014-4243
CVE-2014-4243 affects the MySQL Server component (Oracle MySQL) prior to 5.5.35 and 5.6.15. The vulnerability could allow remote authenticated users to affect availability via ENFED-related vectors. Open-source/integrated advisories reference MariaDB/RHEL/SUSE mitigations; remediation in these co...
CVE-2014-6505
CVE-2014-6505 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier, via a vulnerability in the SERVER:MEMORY STORAGE ENGINE that can impact availability when exploited by remote authenticated users. Public advisories (RHSA-2014-1940/1862 and related Red Hat notes) indicate fixes ...
CVE-2015-0432
CVE-2015-0432 is listed against Oracle/MySQL/MariaDB 5.5.x in multiple advisories. Public details in connected docs show fixes in 5.5.41 (RHSA-2015:0117) and 5.5.45 (ELSA-2015-1628/CentOS-CE), indicating a vulnerability affecting MySQL/MariaDB server components related to InnoDB/DDL-Foreign Key; ...
CVE-2010-3849
CVE-2010-3849 affects the Linux kernel’s econet_sendmsg path (net/econet/af_econet.c) prior to 2.6.36.2, when an Econet address is configured. A local user can trigger a denial of service by issuing a sendmsg with a NULL remote address, causing a NULL pointer dereference and OOPS. The correspondi...
CVE-2014-1480
Technical details about CVE-2014-1480 are not publicly provided in the connected documents. The available description notes a clickjacking/ unintended file launch issue in Firefox/SeaMonkey, but specifics (affected versions, root cause, exploitability, and fixes) are not included.
CVE-2015-2697
CVE-2015-2697 affects MIT Kerberos 5 (krb5) prior to 1.14. The issue is triggered via a remote authenticated TGS request where the realm field starts with a null byte, enabling an out-of-bounds condition that can crash the KDC (denial of service). The connected document confirms the vulnerability...
CVE-2013-5619
CVE-2013-5619 describes a vulnerability in Mozilla’s SpiderMonkey JavaScript engine where the binary-search implementation could overflow, potentially enabling a remote attacker to cause a denial of service via crafted JavaScript. The initial Mozilla/OpenSUSE/IBM advisories confirm this is a Java...
CVE-2013-6672
CVE-2013-6672: Firefox (Linux) and SeaMonkey are affected by a Linux clipboard information disclosure via middle-click paste. The initial entry specifies Firefox < 26.0 and SeaMonkey
CVE-2016-2317
GraphicsMagick’s SVG processing for CVE-2016-2317 comprises stack and heap buffer overflows in MVG/SVG rendering (TracePoint, GetToken, GetTransformTokens). Connected advisories confirm this was addressed in newer GraphicsMagick packages across distros (e.g., Debian Jessie: 1.3.20-3+deb8u2; Stret...
CVE-2009-3612
CVE-2009-3612 affects the Linux kernel’s net/sched/cls_api.c tcf_fill_node in the netlink subsystem. The issue is that a tcm__pad2 structure member is not initialized, potentially allowing local attackers to read sensitive kernel memory. Affected: kernel 2.6.x prior to 2.6.32-rc5 and 2.4.37.6 and...
CVE-2012-1938
CVE-2012-1938 affects Mozilla's browser engine and is described in the MiracleLinux AXSA:2012-857 advisory as multiple vulnerabilities in Firefox (and related components) that could allow memory corruption and remote code execution. Specifically, it impacts Mozilla Firefox before 13.0, Thunderbir...
CVE-2012-3976
CVE-2012-3976 affects Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The issue arises from improper handling of onLocationChange events when navigating between https sites, allowing remote attackers to spoof the X.509 certificate information in the address...
CVE-2013-0762
CVE-2013-0762 is a use-after-free in imgRequest::OnStopFrame affecting Mozilla Firefox prior to 18.0 (and ESR 10.x before 10.0.12, ESR 17.x before 17.0.1), Thunderbird prior to 17.0.2, and SeaMonkey prior to 2.15. It can allow remote code execution or a denial of service via heap memory corruptio...
CVE-2013-3783
CVE-2013-3783 affects the MySQL Server component in Oracle MySQL 5.5.31 and earlier. The vulnerability is described as unspecified and allows remote authenticated users to affect availability via unknown vectors related to the Server Parser. Connected sources reference this CVE within broader Ora...
CVE-2014-4287
CVE-2014-4287 describes an unspecified vulnerability in Oracle MySQL Server, affecting versions 5.5.38 and earlier and 5.6.19 and earlier, that allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS. The description indicates the issue is focused on ...
CVE-2015-5006
CVE-2015-5006 affects IBM SDK/Java Technology Edition (IBM Java Security Components) on multiple versions (8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, 6 before SR16 FP15). The root cause is exposure of Kerberos Credential Cache data, enabling physically proximate ...
CVE-2007-6206
CVE-2007-6206 affects the Linux kernel (2.4.x and 2.6.x up to 2.6.24-rc3). The issue lies in the do_coredump function in fs/exec.c, where the core dump file’s UID is not changed if a core dump already exists in the same location when a root-owned process dumps a core. This behavior could allow a ...
CVE-2009-0834
The CVE-2009-0834 issue affects the Linux kernel up to 2.6.28.7 on x86_64, where audit_syscall_entry mishandles 32-bit processes making 64-bit syscalls or 64-bit processes making 32-bit syscalls. This can allow local users to bypass certain syscall audit configurations, and is related to CVE-2009...
CVE-2013-0767
CVE-2013-0767 affects Mozilla Firefox (and related Mozilla components) with the nsSVGPathElement::GetPathLengthScale path handling. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via an out-of-bounds read, reported for Firefox before 18.0, ESR 10....
CVE-2014-1485
CVE-2014-1485 affects Mozilla Firefox (prior to 27.0) and SeaMonkey (prior to 2.24). The CSP implementation in these browsers evaluates style-src directives for XSLT processing rather than script-src, potentially allowing remote attackers to execute arbitrary XSLT code through insufficient style-...
CVE-2014-1498
CVE-2014-1498 : The vulnerability affects Mozilla Firefox before 28.0 and SeaMonkey before 2.25, where crypto.generateCRMFRequest fails to validate a specific key type. This can cause remote crashes/DoS via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algo...
CVE-2014-1500
CVE-2014-1500 affects Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25. The issue allows remote attackers to cause resource exhaustion and application hang via onbeforeunload events that trigger background JavaScript execution. Exploitation details are not provided in the available docum...
CVE-2009-2910
CVE-2009-2910 affects the Linux kernel’s ia32 entry path on x86_64. The issue is that arch/x86/ia32/ia32entry.S does not clear certain kernel registers before returning to user mode, which allows a local attacker to read register values from an earlier process after switching an ia32 process into...
CVE-2010-4160
The CVE-2010-4160 issue is present in the Linux kernel before 2.6.36.2, involving multiple integer overflows in the PPPoL2TP and IPoL2TP sendmsg paths (pppol2tp_sendmsg and l2tp_ip_sendmsg). The vulnerability can allow local users to trigger a denial of service through heap memory corruption and ...
CVE-2013-3804
CVE-2013-3804 affects Oracle MySQL Server prior to specific versions (5.1.69 and earlier, 5.5.31 and earlier, 5.6.11 and earlier). The issue is described as an unspecified vulnerability in the Server Optimizer that remote authenticated users can exploit to affect availability via unknown vectors....
CVE-2014-6463
CVE-2014-6463 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier; impact is availability via SERVER:REPLICATION ROW FORMAT BINARY LOG DML when an authenticated remote user runs DML. Red Hat advisories RHSA-2014-1940 and related RHSA entries indicate that MariaDB/MariaDB-Galera ...
CVE-2010-4080
CVE-2010-4080 affects the Linux kernel: snd_hdsp_hwdep_ioctl in sound/pci/rme9652/hdsp.c does not initialize a structure, enabling local attackers to leak kernel stack information via SNDRV_HDSP_IOCTL_GET_CONFIG_INFO. Affected products/versions: Linux kernel before 2.6.36-rc6. Impact is an inform...
CVE-2013-0766
CVE-2013-0766 is a use-after-free in the ~nsHTMLEditRules implementation affecting Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15. The vulnerabili...
CVE-2013-3808
CVE-2013-3808 affects Oracle MySQL Server up to certain older releases: 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier. The vulnerability is described as unspecified and remote-authenticated, impacting availability via unknown vectors related to Server Options. No exploitation det...