Page 14 of 257 results (0.018 seconds)

CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0

11 Dec 2013 — Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. Mozilla Firefox anteriores a 26.0 y SeaMonkey anteriores a 2.23 no considera apropiadamente el atributo sandbox de un elemento IFRAME durante el procesado de un elemento OBJECT, lo que permite a atacantes remotos franquear las restricciones de san... • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 9.8EPSS: 2%CPEs: 28EXPL: 1

11 Dec 2013 — Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners. Vulnerabilidad de liberación despues de uso en la función nsEventListenerManager :: HandleEventSubType en Mozilla Firefox anterior a 26.0, Firefox ESR 24.x ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html • CWE-416: Use After Free •

CVSS: 10.0EPSS: 6%CPEs: 28EXPL: 1

11 Dec 2013 — Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection. Vulnerabilidad de uso despues de liberación en la función nsNodeUtils::LastRelease en la interfaz de usuario en el editor de componentes en Mozilla Firefox anterior a 26.0, Fir... • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html • CWE-416: Use After Free •

CVSS: 9.8EPSS: 6%CPEs: 11EXPL: 0

11 Oct 2013 — Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. Vulnerabilidad de desbordamiento de buffer (heap) en la función fcgid_header_bucket_read de fcgd_bucket.c en el modulo mod_fcgid anterior a 2.3.9 para Apache HTTP Server permite a atacantes remotos tener unimpacto no especificado a través de vectores desconocidos. Robert Matthews discov... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html • CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 58%CPEs: 109EXPL: 0

26 Jul 2013 — The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. La implementación RFC en rdata.c en ISC BIND 9.7.x y 9.8.x anterior a 9.8.5-P2, ... • http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html •

CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0

17 Jul 2013 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. Vulnerabilidad sin especificar en el componente MySQL Server en Oracle MySQL 5.3.31 y anteriores permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores desconocidos relacionados con el Server Parser. Multiple security issues were discovered in MySQL and this update includes new... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html •

CVSS: 8.1EPSS: 0%CPEs: 17EXPL: 0

17 Jul 2013 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. Vulnerabilidad sin especificar en el componente MySQL Server en Oracle MySQL 5.6.11 y anteriores y 5.5.31 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores relacionados con Data Manipulation Language. Multiple security issu... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html •

CVSS: 7.4EPSS: 0%CPEs: 12EXPL: 0

17 Jul 2013 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition. Vulnerabilidad sin especificar en el componente MySQL Server en Oracle MySQL 5.6.10 y anteriores y 5.5.30 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores relacionados con Server Partition. • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

17 Jul 2013 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. Vulnerabilidad sin especificar en el componente MySQL Server en Oracle MySQL 5.5.30 y anteriores y 5.6.10 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores relacionados con Server Options. • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html •

CVSS: 8.1EPSS: 0%CPEs: 17EXPL: 0

17 Jul 2013 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Vulnerabilidad sin especificar en el componente MySQL Server en Oracle MySQL 5.5.31 y anteriores, 5.1.69 y anteriores y 5.6.11 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores relacionados con Server Full Text S... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html •