Search Results (2216 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1970 6 Canonical, Debian, Mozilla and 3 more 16 Ubuntu Linux, Debian Linux, Firefox and 13 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-1972 6 Canonical, Debian, Mozilla and 3 more 16 Ubuntu Linux, Debian Linux, Firefox and 13 more 2025-04-11 N/A
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1973 6 Canonical, Debian, Mozilla and 3 more 16 Ubuntu Linux, Debian Linux, Firefox and 13 more 2025-04-11 N/A
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1974 6 Canonical, Debian, Mozilla and 3 more 16 Ubuntu Linux, Debian Linux, Firefox and 13 more 2025-04-11 N/A
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1975 6 Canonical, Debian, Mozilla and 3 more 16 Ubuntu Linux, Debian Linux, Firefox and 13 more 2025-04-11 N/A
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1976 5 Canonical, Mozilla, Opensuse and 2 more 15 Ubuntu Linux, Firefox, Seamonkey and 12 more 2025-04-11 N/A
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-0876 6 Canonical, Debian, Libexpat Project and 3 more 15 Ubuntu Linux, Debian Linux, Libexpat and 12 more 2025-04-11 N/A
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
CVE-2012-3991 4 Canonical, Mozilla, Redhat and 1 more 13 Ubuntu Linux, Firefox, Seamonkey and 10 more 2025-04-11 N/A
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.
CVE-2012-3990 5 Canonical, Debian, Mozilla and 2 more 14 Ubuntu Linux, Debian Linux, Firefox and 11 more 2025-04-11 N/A
Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.
CVE-2012-0867 4 Debian, Opensuse Project, Postgresql and 1 more 11 Debian Linux, Opensuse, Postgresql and 8 more 2025-04-11 N/A
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
CVE-2012-2035 8 Adobe, Apple, Google and 5 more 14 Air, Flash Player, Macos and 11 more 2025-04-11 N/A
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
CVE-2012-0574 4 Canonical, Mariadb, Oracle and 1 more 8 Ubuntu Linux, Mariadb, Mysql and 5 more 2025-04-11 N/A
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
CVE-2012-0572 4 Canonical, Mariadb, Oracle and 1 more 8 Ubuntu Linux, Mariadb, Mysql and 5 more 2025-04-11 N/A
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVE-2012-0540 3 Mariadb, Oracle, Redhat 7 Mariadb, Mysql, Enterprise Linux and 4 more 2025-04-11 N/A
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
CVE-2012-0260 5 Canonical, Debian, Imagemagick and 2 more 12 Ubuntu Linux, Debian Linux, Imagemagick and 9 more 2025-04-11 6.5 Medium
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
CVE-2012-2036 8 Adobe, Apple, Google and 5 more 14 Air, Flash Player, Macos and 11 more 2025-04-11 N/A
Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
CVE-2012-0248 4 Canonical, Debian, Imagemagick and 1 more 11 Ubuntu Linux, Debian Linux, Imagemagick and 8 more 2025-04-11 5.5 Medium
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
CVE-2012-0247 4 Canonical, Debian, Imagemagick and 1 more 11 Ubuntu Linux, Debian Linux, Imagemagick and 8 more 2025-04-11 8.8 High
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
CVE-2012-0053 5 Apache, Debian, Opensuse and 2 more 12 Http Server, Debian Linux, Opensuse and 9 more 2025-04-11 N/A
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
CVE-2012-0037 6 Apache, Debian, Fedoraproject and 3 more 14 Openoffice, Debian Linux, Fedora and 11 more 2025-04-11 6.5 Medium
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.