Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying vulnerability details 1 - 10 of 52372 in total

DSA-2988-1 transmission -- security update Vulnerability

  • Severity: 4
  • Published: July 23, 2014

Ben Hawkes discovered that incorrect handling of peer messages in the Transmission bittorrent client could result in denial of service or the execution of arbitrary code.

DSA-2984-1 acpi-support -- security update Vulnerability

  • Severity: 7
  • Published: July 23, 2014

Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

FreeBSD: bugzilla -- Cross Site Request Forgery (CVE-2014-1546) Vulnerability

  • Severity: 4
  • Published: July 23, 2014

A Bugzilla Security Advisory reports: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content sat...

USN-2297-1: acpi-support vulnerability Vulnerability

  • Severity: 7
  • Published: July 23, 2014

Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

USN-2300-1: LZO vulnerability Vulnerability

  • Severity: 4
  • Published: July 23, 2014

Don A. Bailey discovered that LZO incorrectly handled certain input data.An attacker could use this issue to cause LZO to crash, resulting in adenial of service, or possibly execute arbitrary code. The problem can be corrected by updating your system to the following package version: To update your system, please follow these instructio...

MFSA2014-63 Thunderbird: Use-after-free while when manipulating certificates in the trusted cache (CVE-2014-1544) Vulnerability

  • Severity: 10
  • Published: July 22, 2014

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertific...

FreeBSD: mozilla -- multiple vulnerabilities (Multiple CVEs) Vulnerability

  • Severity: 10
  • Published: July 22, 2014

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object.

MFSA2014-57 Firefox: Buffer overflow during Web Audio buffering for playback (CVE-2014-1549) Vulnerability

  • Severity: 9
  • Published: July 22, 2014

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content t...