Search Results (Refine Search)
- CPE Product Version: cpe:/o:opensuse:opensuse:12.3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-1508 |
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. Published: March 19, 2014; 6:55:06 AM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2014-1505 |
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693. Published: March 19, 2014; 6:55:06 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-1504 |
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. Published: March 19, 2014; 6:55:06 AM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2014-1497 |
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. Published: March 19, 2014; 6:55:06 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2014-1493 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: March 19, 2014; 6:55:06 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2014-1705 |
Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Published: March 16, 2014; 10:06:45 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-2324 |
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. Published: March 14, 2014; 11:55:05 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-2323 |
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. Published: March 14, 2014; 11:55:05 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-2270 |
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. Published: March 14, 2014; 11:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-0467 |
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Published: March 14, 2014; 11:55:05 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-1839 |
The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file. Published: March 11, 2014; 3:37:04 PM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2014-1838 |
The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf. Published: March 11, 2014; 3:37:04 PM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2013-2191 |
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. Published: February 07, 2014; 7:55:06 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-0038 |
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. Published: February 06, 2014; 5:55:03 PM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2014-1491 |
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. Published: February 06, 2014; 12:44:25 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-1490 |
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. Published: February 06, 2014; 12:44:25 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2014-1488 |
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. Published: February 06, 2014; 12:44:25 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-1487 |
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. Published: February 06, 2014; 12:44:25 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-1486 |
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. Published: February 06, 2014; 12:44:24 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2014-1485 |
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. Published: February 06, 2014; 12:44:24 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |