CVEs (1,454)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
5Canonical MozillaOpensuse+2 more15Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+12 moreMay 6, 2026 Mar 19, 2014 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to...Show more |
6Canonical DebianMozilla+3 more16Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+13 moreMay 6, 2026 Mar 19, 2014 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from pro...Show more |
7Canonical DebianMozilla+4 more16Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+13 moreMay 6, 2026 Mar 19, 2014 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation informat...Show more |
4Mozilla OpensuseOracle+1 more7Firefox Linux Enterprise DesktopLinux Enterprise Sdk+4 moreMay 6, 2026 Mar 19, 2014 N/A· v4 N/A· v3 2.6 LOW· v2 The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scriptin...Show more |
5Mozilla OpensuseOpensuse Project+2 more8Firefox Linux Enterprise DesktopLinux Enterprise Server+5 moreMay 6, 2026 Mar 19, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a...Show more |
5Mozilla OpensuseOpensuse Project+2 more8Firefox Linux Enterprise DesktopLinux Enterprise Server+5 moreMay 6, 2026 Mar 19, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution...Show more |
5Mozilla OpensuseOpensuse Project+2 more8Firefox Linux Enterprise DesktopLinux Enterprise Server+5 moreMay 6, 2026 Mar 19, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generat...Show more |
5Mozilla OpensuseOpensuse Project+2 more8Firefox Linux Enterprise DesktopLinux Enterprise Server+5 moreMay 6, 2026 Mar 19, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash)...Show more |
6Canonical DebianMozilla+3 more16Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+13 moreMay 6, 2026 Mar 19, 2014 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information f...Show more |
5Mozilla OpensuseOpensuse Project+2 more8Firefox Linux Enterprise DesktopLinux Enterprise Server+5 moreMay 6, 2026 Mar 19, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl...Show more |
6Canonical DebianMozilla+3 more16Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+13 moreMay 6, 2026 Mar 19, 2014 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of serv...Show more |
3Debian GoogleOpensuse3Chrome Debian LinuxOpensuseMay 6, 2026 Mar 16, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other...Show more |
5Contec DebianLighttpd+2 more6Debian Linux LighttpdLinux Enterprise High Availability Extension+3 moreMay 6, 2026 Mar 14, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_che...Show more |
4Debian LighttpdOpensuse+1 more5Debian Linux LighttpdLinux Enterprise High Availability Extension+2 moreMay 6, 2026 Mar 14, 2014 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. |
5Canonical DebianFile Project+2 more5Debian Linux FileOpensuse+2 moreMay 6, 2026 Mar 14, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. |
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. |
2Logilab Opensuse2Logilab Common OpensuseMay 6, 2026 Mar 11, 2014 N/A· v4 N/A· v3 4.4 MEDIUM· v2 The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file. |
2Logilab Opensuse2Logilab Common OpensuseMay 6, 2026 Mar 11, 2014 N/A· v4 N/A· v3 4.4 MEDIUM· v2 The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /...Show more |
3Linux OpensuseSuse3Linux Enterprise Server Linux KernelOpensuseMay 6, 2026 Mar 11, 2014 N/A· v4 N/A· v3 6.1 MEDIUM· v2 The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a floo...Show more |
4Adobe OpensuseRedhat+1 more10Adobe Air Adobe Air SdkEnterprise Linux Desktop+7 moreApr 21, 2026 Feb 21, 2014 N/A· v4 8.8 HIGH· v3 10.0 HIGH· v2 Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR S...Show more |