Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-1481 |
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. Published: February 06, 2014; 12:44:24 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-1480 |
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. Published: February 06, 2014; 12:44:24 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-1479 |
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes. Published: February 06, 2014; 12:44:24 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-1478 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors. Published: February 06, 2014; 12:44:24 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-1477 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: February 06, 2014; 12:44:24 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2013-6891 |
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. Published: January 25, 2014; 8:55:09 PM -0500 |
V3.x:(not available) V2.0: 1.2 LOW |
CVE-2013-6425 |
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Published: January 18, 2014; 2:55:07 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-0437 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Published: January 15, 2014; 11:08:10 AM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-0420 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication. Published: January 15, 2014; 11:08:10 AM -0500 |
V3.x:(not available) V2.0: 2.8 LOW |
CVE-2014-0412 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Published: January 15, 2014; 11:08:10 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-0402 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking. Published: January 15, 2014; 11:08:09 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-0401 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors. Published: January 15, 2014; 11:08:09 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-0393 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB. Published: January 15, 2014; 11:08:07 AM -0500 |
V3.x:(not available) V2.0: 3.3 LOW |
CVE-2014-0386 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Published: January 15, 2014; 11:08:07 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-5908 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling. Published: January 15, 2014; 11:08:06 AM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2013-5891 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. Published: January 15, 2014; 11:08:05 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-4969 |
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. Published: January 07, 2014; 1:55:06 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-6422 |
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. Published: December 23, 2013; 5:55:02 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-6391 |
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request. Published: December 14, 2013; 12:21:46 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2012-6151 |
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. Published: December 13, 2013; 1:55:04 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |