Total
4160 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2963 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2025-04-11 | 6.2 MEDIUM | N/A |
| drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. | |||||
| CVE-2011-2692 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. | |||||
| CVE-2010-2541 | 2 Canonical, Freetype | 2 Ubuntu Linux, Freetype | 2025-04-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | |||||
| CVE-2013-5619 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 9 Ubuntu Linux, Fedora, Firefox and 6 more | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. | |||||
| CVE-2012-4217 | 4 Canonical, Mozilla, Opensuse and 1 more | 9 Ubuntu Linux, Firefox, Seamonkey and 6 more | 2025-04-11 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2012-3180 | 5 Canonical, Debian, Mariadb and 2 more | 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more | 2025-04-11 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | |||||
| CVE-2012-5096 | 3 Canonical, Mariadb, Oracle | 3 Ubuntu Linux, Mariadb, Mysql | 2025-04-11 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors. | |||||
| CVE-2013-0750 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Seamonkey and 11 more | 2025-04-11 | 9.3 HIGH | N/A |
| Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow. | |||||
| CVE-2012-5840 | 5 Canonical, Mozilla, Opensuse and 2 more | 13 Ubuntu Linux, Firefox, Seamonkey and 10 more | 2025-04-11 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214. | |||||
| CVE-2013-4563 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-11 | 7.1 HIGH | N/A |
| The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline. | |||||
| CVE-2012-0578 | 3 Canonical, Mariadb, Oracle | 3 Ubuntu Linux, Mariadb, Mysql | 2025-04-11 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | |||||
| CVE-2010-3248 | 2 Canonical, Google | 2 Ubuntu Linux, Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors. | |||||
| CVE-2012-3961 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Seamonkey and 11 more | 2025-04-11 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2010-2520 | 4 Apple, Canonical, Debian and 1 more | 4 Mac Os X, Ubuntu Linux, Debian Linux and 1 more | 2025-04-11 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | |||||
| CVE-2012-3989 | 3 Canonical, Mozilla, Suse | 6 Ubuntu Linux, Firefox, Seamonkey and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site. | |||||
| CVE-2012-1970 | 6 Canonical, Debian, Mozilla and 3 more | 15 Ubuntu Linux, Debian Linux, Firefox and 12 more | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2012-2125 | 3 Canonical, Redhat, Rubygems | 3 Ubuntu Linux, Openshift, Rubygems | 2025-04-11 | 5.8 MEDIUM | N/A |
| RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. | |||||
| CVE-2014-1491 | 7 Canonical, Debian, Fedoraproject and 4 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. | |||||
| CVE-2013-1620 | 4 Canonical, Mozilla, Oracle and 1 more | 15 Ubuntu Linux, Network Security Services, Enterprise Manager Ops Center and 12 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | |||||
| CVE-2013-1900 | 2 Canonical, Postgresql | 2 Ubuntu Linux, Postgresql | 2025-04-11 | 8.5 HIGH | N/A |
| PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions." | |||||