CVE-2014-1482
- EPSS 6.3%
- Veröffentlicht 06.02.2014 05:44:24
- Zuletzt bearbeitet 29.04.2026 01:13:23
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of s...
- EPSS 2.47%
- Veröffentlicht 06.02.2014 05:44:24
- Zuletzt bearbeitet 29.04.2026 01:13:23
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPosi...
CVE-2014-1485
- EPSS 3%
- Veröffentlicht 06.02.2014 05:44:24
- Zuletzt bearbeitet 29.04.2026 01:13:23
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute a...
- EPSS 7.07%
- Veröffentlicht 06.02.2014 05:44:24
- Zuletzt bearbeitet 29.04.2026 01:13:23
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unsp...
CVE-2011-3377
- EPSS 2.22%
- Veröffentlicht 05.02.2014 19:55:28
- Zuletzt bearbeitet 29.04.2026 01:13:23
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose orig...
CVE-2011-4613
- EPSS 0.86%
- Veröffentlicht 05.02.2014 19:55:28
- Zuletzt bearbeitet 29.04.2026 01:13:23
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misint...
CVE-2011-2725
- EPSS 2.95%
- Veröffentlicht 04.02.2014 23:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
CVE-2013-6891
- EPSS 0.45%
- Veröffentlicht 26.01.2014 01:55:09
- Zuletzt bearbeitet 29.04.2026 01:13:23
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
CVE-2013-0339
- EPSS 3.61%
- Veröffentlicht 21.01.2014 18:55:09
- Zuletzt bearbeitet 29.04.2026 01:13:23
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource cons...
CVE-2013-2037
- EPSS 1.32%
- Veröffentlicht 18.01.2014 21:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle a...