Total
1461 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1966 | 3 Mozilla, Opensuse, Oracle | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2019-12-27 | 6.8 MEDIUM | 8.8 HIGH |
| The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. | |||||
| CVE-2016-1961 | 4 Mozilla, Opensuse, Oracle and 1 more | 7 Firefox, Firefox Esr, Thunderbird and 4 more | 2019-12-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. | |||||
| CVE-2016-1977 | 5 Mozilla, Opensuse, Oracle and 2 more | 7 Firefox, Firefox Esr, Leap and 4 more | 2019-12-27 | 6.8 MEDIUM | 8.8 HIGH |
| The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. | |||||
| CVE-2015-1819 | 8 Apple, Canonical, Debian and 5 more | 12 Iphone Os, Mac Os X, Tvos and 9 more | 2019-12-27 | 5.0 MEDIUM | N/A |
| The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. | |||||
| CVE-2016-1974 | 4 Mozilla, Opensuse, Oracle and 1 more | 7 Firefox, Firefox Esr, Thunderbird and 4 more | 2019-12-27 | 6.8 MEDIUM | 8.8 HIGH |
| The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. | |||||
| CVE-2016-1930 | 3 Mozilla, Opensuse, Oracle | 5 Firefox, Firefox Esr, Leap and 2 more | 2019-12-27 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2016-6352 | 3 Canonical, Gnome, Opensuse | 4 Ubuntu Linux, Gdk-pixbuf, Leap and 1 more | 2019-12-19 | 5.0 MEDIUM | 7.5 HIGH |
| The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | |||||
| CVE-2014-2387 | 3 Debian, Opensuse, Pen Project | 3 Debian Linux, Opensuse, Pen | 2019-12-19 | 4.6 MEDIUM | 4.4 MEDIUM |
| Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities | |||||
| CVE-2014-3495 | 2 Debian, Opensuse | 3 Debian Linux, Duplicity, Opensuse | 2019-12-19 | 5.0 MEDIUM | 7.5 HIGH |
| duplicity 0.6.24 has improper verification of SSL certificates | |||||
| CVE-2013-7370 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Openshift and 1 more | 2019-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | |||||
| CVE-2011-1145 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Enterprise Linux and 1 more | 2019-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. | |||||
| CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2019-11-18 | 4.6 MEDIUM | 7.8 HIGH |
| udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | |||||
| CVE-2016-4983 | 3 Dovecot, Opensuse, Redhat | 4 Dovecot, Leap, Opensuse and 1 more | 2019-11-08 | 2.1 LOW | 3.3 LOW |
| A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | |||||
| CVE-2017-5333 | 5 Canonical, Debian, Icoutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Icoutils and 8 more | 2019-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | |||||
| CVE-2017-5332 | 5 Canonical, Debian, Icoutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Icoutils and 8 more | 2019-11-06 | 6.8 MEDIUM | 7.8 HIGH |
| The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | |||||
| CVE-2017-5331 | 4 Canonical, Debian, Icoutils Project and 1 more | 5 Ubuntu Linux, Debian Linux, Icoutils and 2 more | 2019-11-05 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | |||||
| CVE-2013-3718 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Evince, Opensuse and 1 more | 2019-11-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| evince is missing a check on number of pages which can lead to a segmentation fault | |||||
| CVE-2013-4238 | 3 Canonical, Opensuse, Python | 3 Ubuntu Linux, Opensuse, Python | 2019-10-25 | 4.3 MEDIUM | N/A |
| The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2014-7818 | 2 Opensuse, Rubyonrails | 3 Opensuse, Rails, Ruby On Rails | 2019-08-08 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. | |||||
| CVE-2014-7829 | 2 Opensuse, Rubyonrails | 3 Opensuse, Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. | |||||