Vulnerabilities (CVE)

Total 24023 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5017 1 Symantec 1 Web Gateway 2023-12-10 7.9 HIGH 9.8 CRITICAL
SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2014-2323 4 Debian, Lighttpd, Opensuse and 1 more 5 Debian Linux, Lighttpd, Opensuse and 2 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
CVE-2014-1514 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.
CVE-2013-7137 1 Burden Project 1 Burden 2023-12-10 7.5 HIGH 9.8 CRITICAL
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
CVE-2014-1511 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
CVE-2014-1532 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.
CVE-2014-1510 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.
CVE-2014-1524 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.
CVE-2014-6271 1 Gnu 1 Bash 2023-12-10 10.0 HIGH 9.8 CRITICAL
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVE-2014-1508 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering.
CVE-2014-6287 1 Rejetto 1 Http File Server 2023-12-10 10.0 HIGH 9.8 CRITICAL
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
CVE-2014-1493 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-5609 6 Canonical, Fedoraproject, Mozilla and 3 more 17 Ubuntu Linux, Fedora, Firefox and 14 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-5613 6 Canonical, Fedoraproject, Mozilla and 3 more 17 Ubuntu Linux, Fedora, Firefox and 14 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.
CVE-2013-5616 6 Canonical, Fedoraproject, Mozilla and 3 more 17 Ubuntu Linux, Fedora, Firefox and 14 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
CVE-2012-5376 1 Google 1 Chrome 2023-12-10 9.3 HIGH 9.6 CRITICAL
The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.
CVE-2013-5615 5 Canonical, Fedoraproject, Mozilla and 2 more 10 Ubuntu Linux, Fedora, Firefox and 7 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.
CVE-2012-2926 1 Atlassian 7 Bamboo, Confluence, Confluence Server and 4 more 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
CVE-2013-5618 6 Canonical, Fedoraproject, Mozilla and 3 more 17 Ubuntu Linux, Fedora, Firefox and 14 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.
CVE-2012-1516 1 Vmware 2 Esx, Esxi 2023-12-10 9.0 HIGH 9.9 CRITICAL
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.