Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2014-03-19	CVE-2014-1497	Out-Of-Bounds Read vulnerability in multiple products The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. network mozilla debian suse opensuse canonical redhat CWE-125	6.8
2014-01-15	CVE-2014-0412	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. network low complexity oracle mariadb canonical debian redhat	4.0
2014-01-15	CVE-2014-0402	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking. network low complexity oracle mariadb canonical debian redhat	4.0
2014-01-15	CVE-2014-0401	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors. network low complexity oracle mariadb canonical debian redhat	4.0
2014-01-15	CVE-2014-0386	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. network low complexity oracle mariadb canonical debian redhat	4.0
2013-12-11	CVE-2013-5614	Improper Restriction of Rendered UI Layers OR Frames vulnerability in multiple products Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. network mozilla fedoraproject oracle canonical redhat opensuse suse CWE-1021	4.3
2013-12-11	CVE-2013-5612	Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. network mozilla fedoraproject oracle canonical redhat opensuse suse CWE-79	4.3