Page 10 of 75 results (0.010 seconds)

CVSS: 4.3EPSS: 2%CPEs: 7EXPL: 1

CVE-2013-1864

https://notcve.org/view.php?id=CVE-2013-1864

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack." Portable Tool Library (también conocido como PTLib) anterior a 2.10.10, utilizado en Ekiga anterior a 4.0.1, no detecta debidamente recursión durante expansión de entidad, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un documento PXML manipulado que contiene un número grande de referencias de entidad anidadas, también conocido como 'ataque de un billón de risas.' • http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html http://osvdb.org/91439 http://seclists.org/oss-sec/2013/q1/674 http://secunia.com/advisories/52659 http://sourceforge.net/p/opalvoip/code/28856 http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available http://www.securityfocus.com/bid/58520 https://exchange.xforce.ibmcloud.com/vulnerabilities/82885 https://www.suse.com/support/update/announcement/2014/suse-su-20140237-1.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1

CVE-2014-1496

https://notcve.org/view.php?id=CVE-2014-1496

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update. Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 podría permitir a usuarios locales ganar privilegios mediante la modificación de los contenidos Mar extraídos durante una actualización. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-16.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=925747 https://security.gentoo.org/glsa/201504-01 • CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 1

CVE-2014-1505 – Mozilla: SVG filters information disclosure through feDisplacementMap (MFSA 2014-28)

https://notcve.org/view.php?id=CVE-2014-1505

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693. La implementación del filtro SVG en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 permite a atacantes remotos obtener información sensible de correlación de desplazamiento, y posiblemente evadir Same Origin Policy y leer texto de un dominio diferente, a través de ataques de tiempos involucrando elementos feDisplacementMap, un problema relacionado con CVE-2013-1693. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2014-0310.html http://rhn.redhat.com/errata/RHSA-2014-0316.html http://www.debian.org/security/2014/dsa-2881 http://www.debian.org/security/2014/dsa-2911 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.1EPSS: 3%CPEs: 26EXPL: 1

CVE-2014-1508 – Mozilla: Information disclosure through polygon rendering in MathML (MFSA 2014-26)

https://notcve.org/view.php?id=CVE-2014-1508

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. La función libxul.so!gfxContext::Polygon en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 permite a atacantes remotos obtener información sensible de la memoria de procesos, causar una denegación de servicio (lectura fuera de rango y caída de aplicación), o posiblemente evadir Same Origin Policy a través de vectores involucrando la renderización de polígono MathML. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2014-0310.html http://rhn.redhat.com/errata/RHSA-2014-0316.html http://www.debian.org/security/2014/dsa-2881 http://www.debian.org/security/2014/dsa-2911 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 2%CPEs: 24EXPL: 1

CVE-2014-1509 – Mozilla: Memory corruption in Cairo during PDF font rendering (MFSA 2014-27)

https://notcve.org/view.php?id=CVE-2014-1509

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document. Desbordamiento de buffer en la función _cairo_truetype_index_to_ucs4 en cairo, utilizado en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25, permite a atacantes remotos ejecutar código arbitrario a través de una extensión manipulada que renderiza fuentes en un documento PDF. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2014-0310.html http://rhn.redhat.com/errata/RHSA-2014-0316.html http://www.mozilla.org/security/announce/2014/mfsa2014-27.html http://www.oracle.com/technetwork& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •