Vulnerabilities > Redhat > Enterprise Linux Workstation > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-04-30 CVE-2014-1523 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.
6.5
2013-05-16 CVE-2013-1675 Improper Initialization vulnerability in multiple products
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
network
low complexity
mozilla canonical debian redhat opensuse CWE-665
6.5
2013-01-17 CVE-2013-0375 Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
network
low complexity
oracle mariadb canonical redhat
5.4
2012-10-03 CVE-2012-3489 XXE vulnerability in multiple products
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
6.5
2012-06-17 CVE-2012-0037 XXE vulnerability in multiple products
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
6.5
2012-06-05 CVE-2012-1798 Out-of-bounds Read vulnerability in multiple products
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
network
low complexity
imagemagick debian redhat opensuse CWE-125
6.5
2012-06-05 CVE-2012-0260 Resource Exhaustion vulnerability in multiple products
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
6.5
2012-06-05 CVE-2012-0248 Infinite Loop vulnerability in multiple products
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
local
low complexity
imagemagick debian canonical redhat CWE-835
5.5
2011-09-06 CVE-2011-1776 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.
low complexity
linux redhat CWE-119
6.1
2010-06-22 CVE-2010-1637 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
network
low complexity
squirrelmail fedoraproject apple redhat CWE-918
6.5