Lucene search
K
SuseLinux Enterprise Desktop10

176 matches found

CVE
CVE
added 2012/06/07 10:0 p.m.1242 views

CVE-2012-0507

CVE-2012-0507 affects Oracle Java SE/JRE (7u2 and earlier, 6u30 and earlier, 5.0u33 and earlier). Root cause: AtomicReferenceArray may not enforce Object[] type, enabling type confusion. Impacts include potential sandbox breach and JVM crash; remote code execution is discussed in related advisori...

10CVSS9AI score0.98113EPSS
In wild
CVE
CVE
added 2013/06/18 10:0 p.m.1198 views

CVE-2013-2465

CVE-2013-2465 is a Java 2D component vulnerability that can cause memory corruption and potential sandbox bypass/remote code execution. It affected Oracle Java SE up to JRE 7u21, JDK 6 up to 6u45, and OpenJDK 7, with 2D-related vectors noted in public disclosures. Several advisories (Debian DSA-2...

10CVSS6.7AI score0.98704EPSS
In wild
CVE
CVE
added 2013/06/26 1:0 a.m.1176 views

CVE-2013-1690

CVE-2013-1690 affects Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7. Root cause is improper handling of onreadystatechange events with page reload, enabling a crafted web page to cause a denial-of-service (cr...

9.3CVSS7.4AI score0.69021EPSS
In wild
CVE
CVE
added 2013/02/14 1:0 a.m.1141 views

CVE-2013-0640

CVE-2013-0640 is a memory corruption remote code execution vulnerability in Adobe Reader and Acrobat. It affects Adobe Reader/Acrobat 9.x prior to 9.5.4, 10.x prior to 10.1.6, and 11.x prior to 11.0.02, exploitable via a crafted PDF and observed in the wild in February 2013. The impact includes r...

9.3CVSS7.7AI score0.86979EPSS
In wild
CVE
CVE
added 2012/06/09 12:0 a.m.1112 views

CVE-2012-2034

CVE-2012-2034 concerns memory corruption in Adobe Flash Player (and Adobe AIR) that enables remote code execution or DoS via unspecified vectors. Affected platforms include Windows/macOS prior to 10.3.183.20 and 11.x before 11.3.300.257 (Windows/macOS), Linux prior to 11.2.202.236, Android 2.x/3....

9.3CVSS7.6AI score0.078EPSS
In wild
CVE
CVE
added 2011/04/13 2:0 p.m.1033 views

CVE-2011-0611

CVE-2011-0611 affects Adobe Flash Player before 10.2.154.27 (Windows/macOS/Linux/Solaris) and 10.2.156.12 and earlier on Android, plus Authplay.dll in Reader/Acrobat components. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via crafted Flash cont...

9.3CVSS8.8AI score0.9941EPSS
In wild
CVE
CVE
added 2013/05/16 10:0 a.m.1022 views

CVE-2013-2729

CVE-2013-2729 : Integer overflow in Adobe Reader/Acrobat BMP/RLE image handling can lead to arbitrary code execution. Affected: Adobe Reader/Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03. Root cause: heap/buffer overflow while parsing embedded BMP RLE resources in PDFs. Im...

10CVSS7.6AI score0.66555EPSS
In wild
CVE
CVE
added 2012/08/15 10:0 a.m.1020 views

CVE-2012-1535

Adobe Flash Player suffers an arbitrary code execution/DoS vulnerability (CVE-2012-1535) via crafted SWF content. Expected impact is remote code execution or application crash; evidence cites in-the-wild activity in August 2012. Affected versions are Windows/Mac OS X: prior to 11.3.300.271; Linux...

9.3CVSS7.7AI score0.70384EPSS
In wild
CVE
CVE
added 2013/02/14 1:0 a.m.1001 views

CVE-2013-0641

CVE-2013-0641 is a buffer overflow in Adobe Reader and Acrobat versions prior to certain patches that allows a remote attacker to execute arbitrary code via a crafted PDF. The description specifies impact as remote code execution, with exploitation observed in the wild in February 2013. Affected ...

9.3CVSS7.8AI score0.32449EPSS
In wild
CVE
CVE
added 2009/09/08 6:0 p.m.551 views

CVE-2009-3095

CVE-2009-3095 is a vulnerability in Apache httpd’s mod_proxy_ftp that allows remote authenticated attackers to bypass access restrictions and send arbitrary commands to an FTP server via crafted HTTP Authorization header vectors. The issue is part of a set of fixes for mod_proxy_ftp in the same a...

5CVSS9.4AI score0.1256EPSS
CVE
CVE
added 2011/12/25 1:0 a.m.422 views

CVE-2011-4862

CVE-2011-4862 is a remote pre-authentication buffer overflow in the encryption handling of BSD telnetd: libtelnet/encrypt.c in telnetd on FreeBSD 7.3–9.0, krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, and GNU inetutils. The underlying bug allows arbitrary code execution by sending a lon...

10CVSS7.3AI score0.95104EPSS
CVE
CVE
added 2012/06/09 12:0 a.m.320 views

CVE-2012-2037

Adobe Flash Player and AIR vulnerability CVE-2012-2037 involves memory corruption that could allow remote code execution orDoS. Affected products span multiple platforms; remediation in the related advisories shows upgrading Flash Player to 11.2.202.236 (and corresponding AIR update 3.3.0.3610) m...

9.3CVSS7.6AI score0.03843EPSS
In wild
CVE
CVE
added 2009/04/17 2:0 p.m.264 views

CVE-2009-1185

CVE-2009-1185 affects udev before 1.4.1, which does not verify NETLINK message origin from kernel space, enabling a local user to gain privileges by sending a crafted NETLINK message. Public references show PoC/exploit activity (e.g., Metasploit module, Exploit-DB entries) and multiple advisories...

7.2CVSS7.4AI score0.81528EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.256 views

CVE-2012-0444

CVE-2012-0444 describes a heap-based memory corruption vulnerability in the libvorbis Ogg Vorbis parser that could allow remote code execution or a crash when processing crafted Ogg Vorbis files. Affected products across Mozilla ecosystem (Firefox, Thunderbird, Seamonkey and related XULRunner/Ice...

10CVSS8.9AI score0.07936EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.256 views

CVE-2013-0753

CVE-2013-0753 is a Use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...

9.3CVSS9.5AI score0.51324EPSS
CVE
CVE
added 2013/07/23 10:0 a.m.255 views

CVE-2013-4002

CVE-2013-4002 affects the Xerces2 Java XML parser. XMLScanner.java in Xerces2 Java Parser before 2.12.0 (as used in various JREs and Oracle/Jakarta distributions) could allow remote denial of service via vectors related to XML attribute names. IBM and other vendors document DoS impact on affected...

7.1CVSS6.7AI score0.24738EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.248 views

CVE-2013-0758

CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...

9.3CVSS9.4AI score0.73364EPSS
CVE
CVE
added 2010/12/30 6:0 p.m.200 views

CVE-2010-4258

The CVE-2010-4258 issue affects the Linux kernel versions prior to 2.6.36.2. The do_exit function in kernel/exit.c mishandles a KERNEL_DS get_fs value, bypassing access_ok checks and enabling local privilege escalation by overwriting arbitrary kernel memory. Exploitation vectors include use of th...

6.2CVSS6AI score0.02655EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.187 views

CVE-2012-5829

CVE-2012-5829 is a heap-based buffer overflow in the nsWindow::OnExposeEvent function affecting Mozilla Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before 2.14. Connected documents confirm this vulnerability across multip...

9.3CVSS9.2AI score0.08439EPSS
CVE
CVE
added 2009/08/27 5:0 p.m.186 views

CVE-2009-2698

CVE-2009-2698 affects the Linux kernel UDP implementation (net/ipv4/udp.c and net/ipv6/udp.c) prior to 2.6.19. Local users can gain privileges or cause a denial of service (NULL pointer dereference/system crash) via UDP socket use with MSG_MORE. Oracle Linux/MiracleLinux advisories reference this...

7.8CVSS7.1AI score0.0718EPSS
In wild
CVE
CVE
added 2012/06/16 9:0 p.m.184 views

CVE-2012-1717

CVE-2012-1717 is an unspecified local confidentiality vulnerability in the Java Runtime Environment affecting Oracle JRE 7u4 and earlier, 6u32 and earlier, 5u35 and earlier, and 1.4.2_37 and earlier, related to printing on Solaris/Linux. Connected documents (including IBM BigInsights/InfoSphere a...

2.1CVSS7.6AI score0.00476EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.176 views

CVE-2012-4186

CVE-2012-4186 : Heap-based buffer overflow in Mozilla Firefox’s nsWaveReader::DecodeAudioData. Affected products include Firefox before 16.0 (and Firefox ESR 10.x before 10.0.8), Thunderbird before 16.0, and SeaMonkey before 2.13. Vectors are unspecified in the provided docs, but exploitation wou...

9.3CVSS9.6AI score0.147EPSS
CVE
CVE
added 2012/06/09 12:0 a.m.173 views

CVE-2012-2036

Adobe Flash Player and Adobe AIR are affected by multiple CVEs (CVE-2012-2034 to CVE-2012-2040) including an integer overflow and related memory corruption that could allow arbitrary code execution. The CVEs apply to various platforms: Windows, macOS, Linux, and Android, with Adobe AIR тоже affec...

9.3CVSS7.7AI score0.04864EPSS
CVE
CVE
added 2012/06/09 12:0 a.m.170 views

CVE-2012-2038

CVE-2012-2038 affects Adobe Flash Player across Windows, macOS, Linux, Android, and Adobe AIR before 3.3.0.3610. The issue allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Connected sources note that the Flash Player update to 11.2....

4.3CVSS5.9AI score0.03655EPSS
CVE
CVE
added 2009/02/22 10:0 p.m.169 views

CVE-2009-0040

The CVE-2009-0040 issue affects the PNG reference library (libpng) as used in pngcrush and other apps. A crafted PNG can trigger a free of an uninitialized pointer in png_read_png, pCAL chunk handling, or 16-bit gamma table setup, enabling denial of service or possibly arbitrary code execution. A...

6.8CVSS8.1AI score0.04825EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.169 views

CVE-2013-0754

CVE-2013-0754 is a use-after-free in the ListenerManager of Mozilla Firefox (and related Firefox ESR, Thunderbird, SeaMonkey). According to the description, triggering garbage collection after memory allocation for listener objects can allow a remote attacker to execute arbitrary code. Affected p...

9.3CVSS9.4AI score0.05381EPSS
CVE
CVE
added 2013/02/27 12:0 a.m.166 views

CVE-2013-0648

Adobe Flash Player contains a code execution vulnerability in the ExternalInterface ActionScript pathway. Affected versions include Windows/Mac builds prior to 10.3.183.67 and 11.x prior to 11.6.602.171, and Linux builds prior to 10.3.183.67 and 11.x prior to 11.2.202.273. Exploitation could occu...

9.3CVSS7.6AI score0.11094EPSS
In wild
CVE
CVE
added 2012/06/09 12:0 a.m.164 views

CVE-2012-2035

The CVE-2012-2035 entry concerns a stack-based buffer overflow in Adobe Flash Player (Windows/macOS/Linux) and Adobe AIR that enables arbitrary code execution via unspecified vectors. Connected advisories (OpenVAS/Nessus entries and vendor bulletins) corroborate that multiple Flash Player vulnera...

9.3CVSS7.9AI score0.05891EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.161 views

CVE-2013-0750

CVE-2013-0750 is a high-severity vulnerability in Mozilla’s JavaScript engine where an integer overflow during string concatenation can lead to heap-based memory corruption and remote code execution. Affected products include Firefox prior to 18.0 (and ESR branches), Thunderbird prior to 17.0.2, ...

9.3CVSS9.6AI score0.0633EPSS
CVE
CVE
added 2010/12/06 9:0 p.m.160 views

CVE-2010-4180

OpenSSL vulnerability CVE-2010-4180 affects OpenSSL versions before 0.9.8q and 1.0.x before 1.0.0c when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. The flaw allows remote attackers to modify the ciphersuite in the session cache, enabling a downgrade to an unintended cipher by sniffing net...

4.3CVSS6.6AI score0.09497EPSS
CVE
CVE
added 2012/06/09 12:0 a.m.159 views

CVE-2012-2039

CVE-2012-2039 affects Adobe Flash Player prior to 10.3.183.20 and 11.x prior to 11.3.300.257 on Windows/Mac; prior to 10.3.183.20 and 11.x prior to 11.2.202.236 on Linux; prior to 11.1.111.10 on Android 2.x/3.x; prior to 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610. The vulnerabilit...

9.3CVSS7.6AI score0.04748EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.159 views

CVE-2013-0757

CVE-2013-0757 affects Mozilla Firefox (and related Mozilla-based apps) via a Chrome Object Wrapper (COW) bypass that allows changing the prototype of an object, enabling arbitrary code execution with chrome privileges. The SUSE/openSUSE and Gentoo/Nessus summaries map this to MFSA 2013-14 and lis...

9.3CVSS9.1AI score0.60859EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.158 views

CVE-2012-1970

CVE-2012-1970 affects Mozilla Firefox before 15.0, Thunderbird before 15.0, ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The issue stems from multiple unspecified vulnerabilities in the browser engine that can allow remote attackers to cause memory corruption and application crashes or pote...

10CVSS9.8AI score0.05566EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.154 views

CVE-2013-0748

CVE-2013-0748 affects Mozilla Firefox (before 18.0 and ESR 10.x before 10.0.12, and 17.x before 17.0.2), Thunderbird (before 17.0.2, ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The flaw is in XBL.proto .toString, where calling toString on an XBL object can leak a...

4.3CVSS9.2AI score0.01998EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.153 views

CVE-2012-3990

CVE-2012-3990 is a use-after-free vulnerability in the IME State Manager implementation of Mozilla Firefox and related Mozilla products. Affected versions include Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before...

9.3CVSS9.4AI score0.05201EPSS
CVE
CVE
added 2013/04/03 10:0 a.m.153 views

CVE-2013-0800

CVE-2013-0800 : An integer signedness error in the pixman_fill_sse2 function (pixman-sse2.c) used by Cairo and shipped with Mozilla Firefox and related products allows a remote attacker to trigger an out-of-bounds write via crafted values (negative box boundary or negative box size). This affects...

6.8CVSS9.7AI score0.03941EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.152 views

CVE-2012-1976

CVE-2012-1976 refers to a Use-after-free in Mozilla Firefox’s nsHTMLSelectElement::SubmitNamesValues. Affected products include Firefox before 15.0, Firefox ESR before 10.0.7 (10.x), Thunderbird before 15.0, Thunderbird ESR before 10.0.7, and SeaMonkey before 2.12. Impact per the description is r...

10CVSS9.4AI score0.05613EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.151 views

CVE-2012-1972

CVE-2012-1972 is a use-after-free in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox, with remote code execution/denial of service via heap memory corruption. Affected products/versions include Firefox prior to 15.0, Firefox ESR 10.x prior to 10.0.7, and Thunderbird prior ...

10CVSS9.4AI score0.05566EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.151 views

CVE-2013-0744

CVE-2013-0744 is a use-after-free in the TableBackgroundPainter::TableBackgroundData::Destroy function of Mozilla Firefox prior to 18.0 (and Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2), Thunderbird prior to 17.0.2/ESR 10.x before 10.0.12/17.x before 17.0.2, and SeaMonkey prior to 2.15...

9.3CVSS9.6AI score0.06147EPSS
CVE
CVE
added 2010/06/10 12:0 a.m.150 views

CVE-2010-0395

CVE-2010-0395 affects OpenOffice.org 2.x/3.0 up to 3.2.0.x; a crafted OpenDocument Text file can bypass Python macro security restrictions and cause remote code execution by a user-assisted action when the macro directory is previewed. The underlying issue is insufficient enforcement of Python ma...

9.3CVSS6.7AI score0.10511EPSS
CVE
CVE
added 2011/01/03 7:26 p.m.148 views

CVE-2010-3876

CVE-2010-3876 affects the Linux kernel: the code path net/packet/af_packet.c in kernel versions before 2.6.37-rc2 does not properly initialize certain structure members, allowing local users with CAP_NET_RAW to read copies of the applicable structures from kernel stack memory. Publicly document d...

1.9CVSS5.6AI score0.00377EPSS
CVE
CVE
added 2010/12/30 6:0 p.m.148 views

CVE-2010-4158

The CVE-2010-4158 issue affects the Linux kernel (pre-2.6.36.2) where sk_run_filter in net/core/filter.c may execute BPF_S_LD_MEM or BPF_S_LDX_MEM before a memory location is initialized. This can allow local users to read potentially sensitive kernel stack memory via a crafted socket filter. The...

2.1CVSS5.6AI score0.00868EPSS
CVE
CVE
added 2012/10/29 6:0 p.m.147 views

CVE-2012-4194

The CVE-2012-4194 issue affects Mozilla Firefox and related Mozilla components where the valueOf shadowing of the location object (window.location) enables cross-site scripting via plugin vectors. Affected software and versions (stated in the provided sources) include: Mozilla Firefox before 16.0...

4.3CVSS8.2AI score0.02835EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.146 views

CVE-2013-0746

CVE-2013-0746 affects Mozilla products including Firefox (before 18.0), Firefox ESR (before 10.0.12 and 17.x before 17.0.2), Thunderbird (before 17.0.2, and ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The issue is a quickstubs/jsval return-value handling flaw tha...

9.3CVSS9.5AI score0.04485EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.145 views

CVE-2012-3960

CVE-2012-3960 is a use-after-free in mozSpellChecker::SetCurrentDictionary that affects Mozilla Firefox <15.0, Firefox ESR <10.0.7, Thunderbird <15.0 / ESR, and SeaMonkey

10CVSS9.4AI score0.05408EPSS
CVE
CVE
added 2010/11/29 3:0 p.m.144 views

CVE-2010-4073

CVE-2010-4073 affects the Linux kernel IPC compatibility code: before 2.6.37-rc1, several compat syscall handlers (ipc/compat.c and ipc/compat_mq.c) fail to initialize certain structures, enabling local attackers to read potentially sensitive kernel stack memory via vectors in compat_sys_semctl, ...

1.9CVSS5.7AI score0.01542EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.144 views

CVE-2012-3972

CVE-2012-3972 affects the XSLT format-number functionality in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The vulnerability allows remote attackers to obtain sensitive information via unspecif...

5CVSS8.8AI score0.03957EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.142 views

CVE-2012-0442

CVE-2012-0442 covers multiple memory-safety vulnerabilities in the Mozilla browser engine affecting Firefox before 3.6.26 and 4.x–9.0, Thunderbird before 3.1.18 and 5.0–9.0, and SeaMonkey before 2.7. The issues can cause memory corruption, application crashes, or potentially remote code execution...

9.3CVSS10AI score0.04597EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.142 views

CVE-2012-3986

CVE-2012-3986 affects Mozilla Firefox prior to 16.0 (and Firefox ESR 10.x prior to 10.0.8), Thunderbird prior to 16.0, and SeaMonkey before 2.13. The root cause is that certain DOMWindowUtils (nsDOMWindowUtils) methods were not protected by security checks, allowing remote JavaScript to bypass in...

4.3CVSS9AI score0.02512EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.141 views

CVE-2013-0755

CVE-2013-0755 refers to a use-after-free in the mozVibrate implementation of the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15. The vulnerability allows remote code execution...

9.3CVSS9.3AI score0.06853EPSS
Total number of security vulnerabilities176