Search
Total
3447 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5506 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-08 | 6.8 MEDIUM | N/A |
| Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." | |||||
| CVE-2008-5510 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-08 | 5.0 MEDIUM | N/A |
| The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. | |||||
| CVE-2008-5508 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-08 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. | |||||
| CVE-2008-5507 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-08 | 6.0 MEDIUM | N/A |
| Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. | |||||
| CVE-2008-5511 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-08 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document." | |||||
| CVE-2008-5502 | 2 Canonical, Mozilla | 3 Ubuntu Linux, Firefox, Seamonkey | 2018-11-08 | 5.0 MEDIUM | N/A |
| The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions. | |||||
| CVE-2008-5501 | 2 Canonical, Mozilla | 3 Ubuntu Linux, Firefox, Seamonkey | 2018-11-08 | 5.0 MEDIUM | N/A |
| The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure. | |||||
| CVE-2008-5500 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-08 | 10.0 HIGH | N/A |
| The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow. | |||||
| CVE-2017-15422 | 5 Canonical, Debian, Google and 2 more | 7 Ubuntu Linux, Debian Linux, Chrome and 4 more | 2018-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2008-5512 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-02 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." | |||||
| CVE-2008-5024 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-02 | 7.5 HIGH | N/A |
| Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. | |||||
| CVE-2008-5022 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-02 | 7.5 HIGH | N/A |
| The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. | |||||
| CVE-2008-5023 | 3 Canonical, Debian, Mozilla | 4 Ubuntu Linux, Debian Linux, Firefox and 1 more | 2018-11-02 | 7.5 HIGH | N/A |
| Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. | |||||
| CVE-2008-5019 | 3 Canonical, Debian, Mozilla | 3 Ubuntu Linux, Debian Linux, Firefox | 2018-11-02 | 4.3 MEDIUM | N/A |
| The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. | |||||
| CVE-2008-5018 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-02 | 10.0 HIGH | N/A |
| The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class. | |||||
| CVE-2008-5017 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-02 | 10.0 HIGH | N/A |
| Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. | |||||
| CVE-2008-5021 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-02 | 9.3 HIGH | N/A |
| nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. | |||||
| CVE-2008-4934 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-11-02 | 7.8 HIGH | N/A |
| The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image. | |||||
| CVE-2008-5014 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-02 | 10.0 HIGH | N/A |
| jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. | |||||
| CVE-2008-4061 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-01 | 10.0 HIGH | N/A |
| Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine. | |||||
| CVE-2008-4062 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-01 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp. | |||||
| CVE-2008-4058 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-01 | 7.5 HIGH | N/A |
| The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS. | |||||
| CVE-2008-4065 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-01 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug." | |||||
| CVE-2008-4067 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2018-11-01 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI. | |||||
| CVE-2008-4068 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-01 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI. | |||||
| CVE-2008-3837 | 3 Canonical, Debian, Mozilla | 4 Ubuntu Linux, Debian Linux, Firefox and 1 more | 2018-11-01 | 9.3 HIGH | N/A |
| Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823. | |||||
| CVE-2008-2725 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2018-11-01 | 7.8 HIGH | N/A |
| Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | |||||
| CVE-2008-2712 | 2 Canonical, Vim | 2 Ubuntu Linux, Vim | 2018-11-01 | 9.3 HIGH | N/A |
| Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. | |||||
| CVE-2008-2726 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2018-11-01 | 7.8 HIGH | N/A |
| Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | |||||
| CVE-2008-2664 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2018-11-01 | 7.8 HIGH | N/A |
| The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | |||||
| CVE-2008-2663 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2018-11-01 | 10.0 HIGH | N/A |
| Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | |||||
| CVE-2008-2662 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2018-11-01 | 10.0 HIGH | N/A |
| Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change. | |||||
| CVE-2008-2136 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-10-31 | 7.8 HIGH | N/A |
| Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count. | |||||
| CVE-2015-8805 | 3 Canonical, Nettle Project, Opensuse | 4 Ubuntu Linux, Nettle, Leap and 1 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. | |||||
| CVE-2015-8804 | 3 Canonical, Nettle Project, Opensuse | 4 Ubuntu Linux, Nettle, Leap and 1 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2015-8803 | 3 Canonical, Nettle Project, Opensuse | 4 Ubuntu Linux, Nettle, Leap and 1 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. | |||||
| CVE-2015-8779 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. | |||||
| CVE-2015-8778 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. | |||||
| CVE-2015-8776 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2018-10-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. | |||||
| CVE-2015-8560 | 3 Canonical, Debian, Linuxfoundation | 4 Ubuntu Linux, Debian Linux, Cups-filters and 1 more | 2018-10-30 | 7.5 HIGH | 7.3 HIGH |
| Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. | |||||
| CVE-2015-8327 | 4 Canonical, Debian, Linuxfoundation and 1 more | 9 Ubuntu Linux, Debian Linux, Cups-filters and 6 more | 2018-10-30 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. | |||||
| CVE-2015-7802 | 2 Canonical, Optipng Project | 2 Ubuntu Linux, Optipng | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file. | |||||
| CVE-2015-7801 | 2 Canonical, Optipng Project | 2 Ubuntu Linux, Optipng | 2018-10-30 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file. | |||||
| CVE-2015-7674 | 3 Canonical, Gnome, Opensuse | 3 Ubuntu Linux, Gdk-pixbuf, Opensuse | 2018-10-30 | 6.8 MEDIUM | N/A |
| Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-7575 | 3 Canonical, Mozilla, Opensuse | 6 Ubuntu Linux, Firefox, Firefox Esr and 3 more | 2018-10-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. | |||||
| CVE-2015-7545 | 4 Canonical, Git Project, Opensuse and 1 more | 4 Ubuntu Linux, Git, Opensuse and 1 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. | |||||
| CVE-2016-0503 | 4 Canonical, Opensuse, Oracle and 1 more | 5 Ubuntu Linux, Leap, Opensuse and 2 more | 2018-10-30 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. | |||||
| CVE-2015-5300 | 7 Canonical, Debian, Fedoraproject and 4 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | |||||
| CVE-2016-0504 | 4 Canonical, Opensuse, Oracle and 1 more | 5 Ubuntu Linux, Leap, Opensuse and 2 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. | |||||
| CVE-2016-0595 | 4 Canonical, Opensuse, Oracle and 1 more | 5 Ubuntu Linux, Leap, Opensuse and 2 more | 2018-10-30 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||||