Total
766 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0762 | 5 Canonical, Mozilla, Opensuse and 2 more | 15 Ubuntu Linux, Firefox, Firefox Esr and 12 more | 2024-02-28 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2013-5829 | 3 Canonical, Oracle, Redhat | 8 Ubuntu Linux, Jdk, Jre and 5 more | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809. | |||||
CVE-2013-1544 | 3 Mariadb, Oracle, Redhat | 7 Mariadb, Mysql, Enterprise Linux Desktop and 4 more | 2024-02-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. | |||||
CVE-2012-0248 | 4 Canonical, Debian, Imagemagick and 1 more | 10 Ubuntu Linux, Debian Linux, Imagemagick and 7 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. | |||||
CVE-2013-2392 | 3 Mariadb, Oracle, Redhat | 6 Mariadb, Mysql, Enterprise Linux Desktop and 3 more | 2024-02-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | |||||
CVE-2012-3961 | 5 Canonical, Mozilla, Opensuse and 2 more | 15 Ubuntu Linux, Firefox, Firefox Esr and 12 more | 2024-02-28 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2013-2555 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2024-02-28 | 10.0 HIGH | N/A |
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. | |||||
CVE-2012-5829 | 6 Canonical, Debian, Mozilla and 3 more | 15 Ubuntu Linux, Debian Linux, Firefox and 12 more | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2012-3167 | 5 Canonical, Debian, Mariadb and 2 more | 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more | 2024-02-28 | 3.5 LOW | N/A |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search. | |||||
CVE-2013-3326 | 8 Adobe, Apple, Google and 5 more | 14 Adobe Air, Adobe Air Sdk, Flash Player and 11 more | 2024-02-28 | 10.0 HIGH | N/A |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. | |||||
CVE-2012-3959 | 6 Canonical, Debian, Mozilla and 3 more | 16 Ubuntu Linux, Debian Linux, Firefox and 13 more | 2024-02-28 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2012-2037 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2024-02-28 | 9.3 HIGH | N/A |
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034. | |||||
CVE-2012-3992 | 4 Canonical, Mozilla, Redhat and 1 more | 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. | |||||
CVE-2012-3976 | 5 Canonical, Mozilla, Opensuse and 2 more | 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. | |||||
CVE-2012-1798 | 4 Debian, Imagemagick, Opensuse and 1 more | 10 Debian Linux, Imagemagick, Opensuse and 7 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. | |||||
CVE-2012-5614 | 3 Mariadb, Oracle, Redhat | 7 Mariadb, Mysql, Enterprise Linux Desktop and 4 more | 2024-02-28 | 4.0 MEDIUM | N/A |
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements. | |||||
CVE-2012-4215 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more | 2024-02-28 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2012-5840 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more | 2024-02-28 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214. | |||||
CVE-2013-1943 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. | |||||
CVE-2013-0776 | 5 Canonical, Debian, Mozilla and 2 more | 13 Ubuntu Linux, Debian Linux, Firefox and 10 more | 2024-02-28 | 4.0 MEDIUM | N/A |
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. |