
CVE-2012-4216 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)
https://notcve.org/view.php?id=CVE-2012-4216
21 Nov 2012 — Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-416: Use After Free •

CVE-2012-4533
https://notcve.org/view.php?id=CVE-2012-4533
19 Nov 2012 — Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-4564 – libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file
https://notcve.org/view.php?id=CVE-2012-4564
11 Nov 2012 — ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. • http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html • CWE-122: Heap-based Buffer Overflow •

CVE-2012-3163 – mysql: unspecified vulnerability related to Information Schema (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3163
17 Oct 2012 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. • http://rhn.redhat.com/errata/RHSA-2012-1462.html •

CVE-2012-3166 – mysql: unspecified DoS vulnerability related to InnoDB (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3166
17 Oct 2012 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Multiple vulnerabilities have been found in MySQL,... • http://rhn.redhat.com/errata/RHSA-2012-1462.html •

CVE-2012-3167 – mysql: unspecified DoS vulnerability related to Server Full Text Search (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3167
17 Oct 2012 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search. Multiple vulnera... • http://rhn.redhat.com/errata/RHSA-2012-1462.html •

CVE-2012-3173 – mysql: unspecified DoS vulnerability related to InnoDB Plugin (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3173
17 Oct 2012 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin. Multiple vulnerabilities have been f... • http://rhn.redhat.com/errata/RHSA-2012-1462.html •

CVE-2012-3180 – mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3180
17 Oct 2012 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Multiple vulnerabilities have ... • http://rhn.redhat.com/errata/RHSA-2012-1462.html •

CVE-2012-3197 – mysql: unspecified DoS vulnerability related to Server Replication (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3197
17 Oct 2012 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication. Multiple vulnerabil... • http://rhn.redhat.com/errata/RHSA-2012-1462.html •

CVE-2012-3150 – mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3150
16 Oct 2012 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Multiple vulnerabilities h... • http://rhn.redhat.com/errata/RHSA-2012-1462.html •