Total
1465 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-5143 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-02-28 | 10.0 HIGH | N/A |
Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers. | |||||
CVE-2013-0835 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | |||||
CVE-2012-4205 | 4 Canonical, Mozilla, Opensuse and 1 more | 8 Ubuntu Linux, Firefox, Seamonkey and 5 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. | |||||
CVE-2011-3052 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-02-28 | 6.8 MEDIUM | N/A |
The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2013-4123 | 2 Opensuse, Squid-cache | 2 Opensuse, Squid | 2024-02-28 | 5.0 MEDIUM | N/A |
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. | |||||
CVE-2013-4238 | 3 Canonical, Opensuse, Python | 3 Ubuntu Linux, Opensuse, Python | 2024-02-28 | 4.3 MEDIUM | N/A |
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
CVE-2013-0884 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors. | |||||
CVE-2013-3561 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Opensuse, Wireshark | 2024-02-28 | 7.8 HIGH | N/A |
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. | |||||
CVE-2013-0831 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process. | |||||
CVE-2012-0425 | 1 Opensuse | 1 Opensuse | 2024-02-28 | 7.8 HIGH | N/A |
LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field. | |||||
CVE-2013-3335 | 8 Adobe, Apple, Google and 5 more | 14 Adobe Air, Adobe Air Sdk, Flash Player and 11 more | 2024-02-28 | 10.0 HIGH | N/A |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334. | |||||
CVE-2013-1846 | 2 Apache, Opensuse | 2 Subversion, Opensuse | 2024-02-28 | 4.0 MEDIUM | N/A |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. | |||||
CVE-2013-0837 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-02-28 | 7.5 HIGH | N/A |
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs. | |||||
CVE-2013-2483 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Opensuse, Wireshark | 2024-02-28 | 3.3 LOW | N/A |
The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data. | |||||
CVE-2012-5656 | 4 Canonical, Fedoraproject, Inkscape and 1 more | 4 Ubuntu Linux, Fedora, Inkscape and 1 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. | |||||
CVE-2013-4132 | 2 Kde, Opensuse | 3 Kde-workspace, Kde Sc, Opensuse | 2024-02-28 | 5.0 MEDIUM | N/A |
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass. | |||||
CVE-2013-0832 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-02-28 | 7.5 HIGH | N/A |
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing. | |||||
CVE-2012-3425 | 5 Canonical, Debian, Libpng and 2 more | 5 Ubuntu Linux, Debian Linux, Libpng and 2 more | 2024-02-28 | 4.3 MEDIUM | N/A |
The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. | |||||
CVE-2013-0420 | 2 Opensuse, Oracle | 3 Opensuse, Virtualization, Vm Virtualbox | 2024-02-28 | 2.4 LOW | N/A |
Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary." | |||||
CVE-2013-1872 | 4 Canonical, Mesa3d, Opensuse and 1 more | 4 Ubuntu Linux, Mesa, Opensuse and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796. |