Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2014-03-19	CVE-2014-1500	Resource Exhaustion vulnerability in multiple products Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. network low complexity opensuse opensuse-project oracle mozilla suse CWE-400	5.0
2014-03-19	CVE-2014-1499	Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. network suse mozilla oracle opensuse opensuse-project	4.3
2014-03-19	CVE-2014-1498	Improper Verification of Cryptographic Signature vulnerability in multiple products The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. network low complexity suse oracle opensuse opensuse-project mozilla CWE-347	5.0
2014-03-19	CVE-2014-1497	Out-Of-Bounds Read vulnerability in multiple products The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. network mozilla debian suse opensuse canonical redhat CWE-125	6.8
2014-03-14	CVE-2014-2324	Path Traversal vulnerability in multiple products Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. network low complexity lighttpd debian opensuse suse contec CWE-22	5.0
2014-03-11	CVE-2014-2309	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. low complexity linux opensuse suse CWE-119	6.1
2014-02-14	CVE-2013-4415	Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute, (18) start_month, (19) start_year, or (20) whereToSearch variable in an scap audit results search; (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_hour, (33) start_minute, (34) start_month, (35) start_year, or (36) view_mode variable in an errata search; or (37) fineGrained variable in a systems search, related to PAGE_SIZE_LABEL_SELECTED. network redhat suse CWE-79	4.3
2014-02-06	CVE-2014-1491	Inadequate Encryption Strength vulnerability in Mozilla products Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. network mozilla oracle fedoraproject opensuse suse debian canonical CWE-326	4.3
2014-02-06	CVE-2014-1489	Permissions, Privileges, and Access Controls vulnerability in multiple products Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. network oracle suse mozilla opensuse opensuse-project canonical CWE-264	4.3
2014-02-06	CVE-2014-1484	Information Exposure vulnerability in multiple products Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. network low complexity suse mozilla google opensuse opensuse-project oracle CWE-200	5.0