|
2013-06-26
|
CVE-2013-1690
|
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
|
Ubuntu_linux, Debian_linux, Firefox, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Gluster_storage_server_for_on\-Premise, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit
|
8.8
|
|
|
|
2014-05-07
|
CVE-2014-0196
|
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
|
Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_protocol_security_module, Big\-Ip_wan_optimization_manager, Big\-Ip_webaccelerator, Big\-Iq_application_delivery_controller, Big\-Iq_centralized_management, Big\-Iq_cloud, Big\-Iq_cloud_and_orchestration, Big\-Iq_device, Big\-Iq_security, Enterprise_manager, Linux_kernel, Linux, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_eus, Suse_linux_enterprise_desktop, Suse_linux_enterprise_high_availability_extension, Suse_linux_enterprise_server
|
N/A
|
|
|
|
2014-06-07
|
CVE-2014-3153
|
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
|
Ubuntu_linux, Linux_kernel, Opensuse, Linux, Enterprise_linux_server_aus, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_real_time_extension, Linux_enterprise_server
|
7.8
|
|
|
|
2015-08-08
|
CVE-2015-4495
|
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
|
Ubuntu_linux, Firefox, Firefox_os, Opensuse, Solaris, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit
|
8.8
|
|
|
|
2016-05-05
|
CVE-2016-3715
|
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
|
Ubuntu_linux, Imagemagick, Leap, Opensuse, Linux, Solaris, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_supplementary_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Manager, Manager_proxy, Openstack_cloud
|
5.5
|
|
|
|
2016-05-05
|
CVE-2016-3718
|
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
|
Ubuntu_linux, Imagemagick, Leap, Opensuse, Linux, Solaris, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_supplementary_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Manager, Manager_proxy, Openstack_cloud
|
5.5
|
|
|
|
2019-10-11
|
CVE-2019-2215
|
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
|
Ubuntu_linux, Debian_linux, Android, Alp\-Al00b_firmware, Alp\-Tl00b_firmware, Anne\-Al00_firmware, Ares\-Al00b_firmware, Ares\-Al10d_firmware, Ares\-Tl00chw_firmware, Barca\-Al00_firmware, Berkeley\-L09_firmware, Berkeley\-Tl10_firmware, Bla\-Al00b_firmware, Bla\-L29c_firmware, Bla\-Tl00b_firmware, Columbia\-Al00a_firmware, Columbia\-L29d_firmware, Cornell\-Tl10b_firmware, Duke\-L09i_firmware, Dura\-Al00a_firmware, Figo\-Al00a_firmware, Florida\-Al20b_firmware, Florida\-L03_firmware, Florida\-L21_firmware, Florida\-L22_firmware, Florida\-Tl10b_firmware, Honor_9i_firmware, Honor_view_20_firmware, Jakarta\-Al00a_firmware, Johnson\-Tl00d_firmware, Leland\-Al10b_firmware, Leland\-L21a_firmware, Leland\-L32a_firmware, Leland\-Tl10b_firmware, Leland\-Tl10c_firmware, Lelandp\-Al00c_firmware, Lelandp\-L22c_firmware, Mate_rs_firmware, Neo\-Al00d_firmware, Nova_2s_firmware, Nova_3_firmware, Nova_3e_firmware, P20_firmware, P20_lite_firmware, Princeton\-Al10b_firmware, Rhone\-Al00_firmware, Stanford\-L09_firmware, Stanford\-L09s_firmware, Sydney\-Al00_firmware, Sydney\-Tl00_firmware, Sydneym\-Al00_firmware, Tony\-Al00b_firmware, Tony\-Tl00b_firmware, Y9_2019_firmware, Yale\-Al00a_firmware, Yale\-L21a_firmware, Yale\-Tl00b_firmware, A220_firmware, A320_firmware, A800_firmware, Aff_baseboard_management_controller_firmware, C190_firmware, Cloud_backup, Data_availability_services, Fas2720_firmware, Fas2750_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610s_firmware, H700s_firmware, Hci_management_node, Service_processor, Solidfire, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage
|
7.8
|
|
|
|
2020-03-02
|
CVE-2019-17026
|
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
|
Ubuntu_linux, Firefox, Firefox_esr, Thunderbird
|
8.8
|
|
|
|
2020-04-30
|
CVE-2020-11651
|
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
|
Ubuntu_linux, Debian_linux, Leap, Salt, Application_remote_collector
|
9.8
|
|
|
|
2019-04-08
|
CVE-2019-0211
|
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
|
Http_server, Ubuntu_linux, Debian_linux, Fedora, Oncommand_unified_manager, Leap, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Http_server, Instantis_enterprisetrack, Retail_xstore_point_of_service, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_update_services_for_sap_solutions, Jboss_core_services, Openshift_container_platform, Openshift_container_platform_for_power, Software_collections
|
7.8
|
|
|