| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2021-45082 |
77 |
|
|
2022-02-19 |
2022-04-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) |
|
2 |
CVE-2015-8779 |
119 |
|
DoS Exec Code Overflow |
2016-04-19 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. |
|
3 |
CVE-2015-8778 |
119 |
|
DoS Exec Code Overflow |
2016-04-19 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. |
|
4 |
CVE-2015-8776 |
189 |
|
DoS +Info |
2016-04-19 |
2018-10-30 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. |
|
5 |
CVE-2015-5239 |
835 |
|
DoS Overflow |
2020-01-23 |
2022-01-25 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. |
|
6 |
CVE-2015-5006 |
200 |
|
+Info |
2015-12-07 |
2019-06-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. |
|
7 |
CVE-2015-2576 |
|
|
|
2015-04-16 |
2017-01-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. |
|
8 |
CVE-2015-2575 |
|
|
|
2015-04-16 |
2017-11-10 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. |
|
9 |
CVE-2015-1781 |
119 |
|
DoS Exec Code Overflow |
2015-09-28 |
2019-06-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. |
|
10 |
CVE-2015-0492 |
|
|
|
2015-04-16 |
2022-05-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. |
|
11 |
CVE-2015-0484 |
|
|
|
2015-04-16 |
2022-05-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. |
|
12 |
CVE-2014-5077 |
476 |
|
DoS |
2014-08-01 |
2020-08-13 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. |
|
13 |
CVE-2014-4943 |
269 |
1
|
+Priv |
2014-07-19 |
2020-08-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. |
|
14 |
CVE-2014-4207 |
|
|
|
2014-07-17 |
2018-10-09 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. |
|
15 |
CVE-2014-4039 |
264 |
|
+Info |
2014-06-17 |
2017-01-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf. |
|
16 |
CVE-2014-4038 |
59 |
|
|
2014-06-17 |
2017-01-07 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras. |
|
17 |
CVE-2014-1947 |
787 |
|
DoS Exec Code Overflow |
2020-02-17 |
2020-02-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. |
|
18 |
CVE-2014-1504 |
264 |
|
XSS |
2014-03-19 |
2020-08-10 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. |
|
19 |
CVE-2014-1502 |
346 |
|
Bypass |
2014-03-19 |
2020-08-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. |
|
20 |
CVE-2014-1501 |
264 |
|
Bypass |
2014-03-19 |
2016-11-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. |
|
21 |
CVE-2014-1500 |
400 |
|
DoS |
2014-03-19 |
2020-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. |
|
22 |
CVE-2014-1499 |
|
|
|
2014-03-19 |
2020-08-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. |
|
23 |
CVE-2014-1498 |
347 |
|
DoS |
2014-03-19 |
2020-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. |
|
24 |
CVE-2014-1494 |
|
|
DoS Exec Code Mem. Corr. |
2014-03-19 |
2020-08-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
25 |
CVE-2014-1491 |
326 |
|
Bypass |
2014-02-06 |
2020-07-31 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. |
|
26 |
CVE-2014-1490 |
362 |
|
DoS |
2014-02-06 |
2020-07-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. |
|
27 |
CVE-2014-1489 |
264 |
|
DoS |
2014-02-06 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. |
|
28 |
CVE-2014-1484 |
200 |
|
+Info |
2014-02-06 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. |
|
29 |
CVE-2013-5611 |
|
|
|
2013-12-11 |
2018-10-30 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. |
|
30 |
CVE-2013-3805 |
|
|
|
2013-07-17 |
2019-12-17 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements. |
|
31 |
CVE-2013-3801 |
|
|
|
2013-07-17 |
2019-12-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. |
|
32 |
CVE-2012-6639 |
269 |
|
|
2019-11-25 |
2019-12-05 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. |
|
33 |
CVE-2012-4188 |
119 |
|
Exec Code Overflow |
2012-10-10 |
2020-08-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. |
|
34 |
CVE-2012-4187 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-10-10 |
2020-08-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors. |
|
35 |
CVE-2012-4186 |
119 |
|
Exec Code Overflow |
2012-10-10 |
2020-08-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. |
|
36 |
CVE-2012-4185 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-10-10 |
2020-08-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. |
|
37 |
CVE-2012-4184 |
79 |
|
Exec Code XSS |
2012-10-10 |
2020-08-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. |
|
38 |
CVE-2012-4183 |
416 |
|
DoS Exec Code Mem. Corr. |
2012-10-10 |
2020-08-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. |
|
39 |
CVE-2012-4182 |
416 |
|
DoS Exec Code Mem. Corr. |
2012-10-10 |
2020-08-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. |
|
40 |
CVE-2012-4180 |
119 |
|
Exec Code Overflow |
2012-10-10 |
2020-08-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. |
|
41 |
CVE-2012-4179 |
416 |
|
DoS Exec Code Mem. Corr. |
2012-10-10 |
2020-08-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. |
|
42 |
CVE-2012-3995 |
125 |
|
DoS Exec Code |
2012-10-10 |
2020-08-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. |
|
43 |
CVE-2012-3992 |
79 |
|
XSS |
2012-10-10 |
2020-08-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. |
|
44 |
CVE-2012-3991 |
264 |
|
Bypass |
2012-10-10 |
2020-08-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. |
|
45 |
CVE-2012-3990 |
416 |
|
Exec Code |
2012-10-10 |
2020-08-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. |
|
46 |
CVE-2012-3988 |
416 |
|
Exec Code |
2012-10-10 |
2020-08-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. |
|
47 |
CVE-2012-3986 |
20 |
|
Bypass |
2012-10-10 |
2020-08-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. |
|
48 |
CVE-2012-3982 |
|
|
DoS Exec Code Mem. Corr. |
2012-10-10 |
2020-08-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
49 |
CVE-2011-3970 |
125 |
|
DoS |
2012-02-09 |
2020-09-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
