CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1502
https://notcve.org/view.php?id=CVE-2014-1502
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. Las funciones (1) WebGL.compressedTexImage2D y (2) WebGL.compressedTexSubImage2D en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 permiten a atacantes remotos evadir Same Origin Policy y renderizar contenido en un dominio diferente a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-22.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=972622 https://s • CWE-346: Origin Validation Error •
CVSS: 2.6EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1504
https://notcve.org/view.php?id=CVE-2014-1504
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. La funcionalidad session-restore en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no considera Content Security Policy de un dato: URL, lo que facilita a atacantes remotos realizar ataques de XSS a través de un documento manipulado que es accedido después de un reinicio de navegador. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-23.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=911547 https://s • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4093
https://notcve.org/view.php?id=CVE-2011-4093
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided. Desbordamiento de enteros en inc/server.hpp en libnet6 (también conocido como net6) anterior a 1.3.14 podría permitir a atacantes remotos secuestrar conexiones y ganar privilegios como otros usuarios mediante la realización de un gran número de conexiones hasta que el desbordamiento ocurre y la identidad de otro usuario es proporcionado. • http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=ac61d7fb42a1f977fb527e024bede319c4a9e169%3Bhp=08c8e2261604c6fcbbaf62f9ae9d13f7015fcb9a http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html http://www.openwall.com/lists/oss-security/2011/10/31/1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://bugzilla.novell.com/show_bug.cgi?id=727710 https://bugzilla.redhat.com/show_bug.cgi?id=750631 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4091
https://notcve.org/view.php?id=CVE-2011-4091
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. El servidor de libobby en inc/server.hpp en libnet6 (también conocido como net6) anterior a 1.3.14 no realiza autenticación antes de comprobar el nombre de usuario, lo que permite a atacantes remotos obtener información sensible tal como patrones de uso del servidor de un usuario especifico y preferencias de color. • http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=84afca022f063f89bfcd4bb32b1ee911f555abf1%3Bhp=ac61d7fb42a1f977fb527e024bede319c4a9e169 http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html http://www.openwall.com/lists/oss-security/2011/10/31/1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://bugzilla.novell.com/show_bug.cgi?id=727708 https://bugzilla.redhat.com/show_bug.cgi?id=750632 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0CVE-2014-1478
https://notcve.org/view.php?id=CVE-2014-1478
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar un código arbitrario a través de vectores relacionados con la clase MPostWriteBarrier en js/src/jit/MIR.h y alineación de pila en js/src/jit/AsmJS.cpp en OdinMonkey y otros vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102865 http://secunia.com/advisories/56706 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56888 http://secunia.com/advisories/56922 http://www.mozilla.org/security/announce/2014/mfsa2014-01.html& • CWE-787: Out-of-bounds Write •