Linux Enterprise Software Development Kit@11 Security Vulnerabilities and Issues — Page 4 of Linux Enterprise Software Development Kit@11 CVE List

Lucene search

SuseLinux Enterprise Software Development Kit11

189 matches found

CVE•added 2012/08/29 10:56 a.m.•79 views

CVE-2012-3976

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

4.3CVSS8.6AI score0.00776EPSS

CVE•added 2012/11/21 12:55 p.m.•79 views

CVE-2012-5835

Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) v...

10CVSS9.1AI score0.02068EPSS

CVE•added 2015/11/09 3:59 a.m.•79 views

CVE-2015-2695

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

5CVSS7AI score0.04048EPSS

CVE•added 2016/04/13 4:59 p.m.•79 views

CVE-2016-3068

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

8.8CVSS8.7AI score0.05065EPSS

CVE•added 2016/04/13 4:59 p.m.•79 views

CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

8.8CVSS8.7AI score0.0283EPSS

CVE•added 2012/11/21 12:55 p.m.•78 views

CVE-2012-4216

Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service ...

9.3CVSS9AI score0.0639EPSS

CVE•added 2012/11/21 12:55 p.m.•78 views

CVE-2012-5833

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitr...

9.3CVSS9.1AI score0.02061EPSS

CVE•added 2014/06/05 8:55 p.m.•78 views

CVE-2014-3469

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

5CVSS5.6AI score0.06235EPSS

CVE•added 2015/12/07 8:59 p.m.•78 views

CVE-2015-5006

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.

2.1CVSS5.4AI score0.00073EPSS

CVE•added 2013/12/11 3:55 p.m.•77 views

CVE-2013-5610

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.9AI score0.00881EPSS

CVE•added 2014/02/06 5:44 a.m.•77 views

CVE-2014-1485

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient sty...

7.5CVSS9.4AI score0.00964EPSS

CVE•added 2012/11/21 12:55 p.m.•76 views

CVE-2012-4205

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive info...

6.8CVSS8.5AI score0.00875EPSS

CVE•added 2012/11/21 12:55 p.m.•75 views

CVE-2012-4208

The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web...

4.3CVSS8.1AI score0.0035EPSS

CVE•added 2012/11/21 12:55 p.m.•75 views

CVE-2012-4209

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross...

4.3CVSS7.8AI score0.02065EPSS

CVE•added 2012/08/29 10:56 a.m.•74 views

CVE-2012-3963

Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.4AI score0.02314EPSS

CVE•added 2012/11/21 12:55 p.m.•74 views

CVE-2012-4215

Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a de...

9.3CVSS9AI score0.04317EPSS

CVE•added 2012/11/21 12:55 p.m.•74 views

CVE-2012-5839

Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via un...

9.3CVSS9.1AI score0.05209EPSS

CVE•added 2012/11/21 12:55 p.m.•74 views

CVE-2012-5840

Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial ...

9.3CVSS9.1AI score0.04317EPSS

CVE•added 2016/06/06 5:59 p.m.•74 views

CVE-2015-5041

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

9.1CVSS8.7AI score0.00889EPSS

CVE•added 2017/02/03 3:59 p.m.•74 views

CVE-2016-2318

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.

5.5CVSS6.6AI score0.00236EPSS

CVE•added 2014/02/06 5:44 a.m.•73 views

CVE-2014-1484

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.

5CVSS8.5AI score0.00632EPSS

CVE•added 2014/03/19 10:55 a.m.•73 views

CVE-2014-1499

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.

4.3CVSS9AI score0.00611EPSS

CVE•added 2011/11/11 6:55 p.m.•72 views

CVE-2011-3439

FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

9.3CVSS7.4AI score0.06539EPSS

CVE•added 2012/11/21 12:55 p.m.•72 views

CVE-2012-5843

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS9.2AI score0.0299EPSS

CVE•added 2016/04/13 4:59 p.m.•72 views

CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

8.8CVSS8.7AI score0.05192EPSS

CVE•added 2012/11/21 12:55 p.m.•71 views

CVE-2012-5838

The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.

9.3CVSS8.9AI score0.02018EPSS

CVE•added 2013/01/13 8:55 p.m.•71 views

CVE-2013-0771

Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted ...

9.3CVSS9.5AI score0.03151EPSS

CVE•added 2017/03/17 2:59 p.m.•71 views

CVE-2014-9854

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

7.5CVSS7AI score0.01717EPSS

CVE•added 2012/11/21 12:55 p.m.•70 views

CVE-2012-4204

The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

9.3CVSS8.9AI score0.03013EPSS

CVE•added 2014/03/19 10:55 a.m.•70 views

CVE-2014-1494

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS9.9AI score0.00485EPSS

CVE•added 2011/07/11 8:55 p.m.•69 views

CVE-2011-1526

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FT...

6.5CVSS4.6AI score0.00228EPSS

CVE•added 2012/10/29 6:55 p.m.•68 views

CVE-2012-4195

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier ...

4.3CVSS8.2AI score0.00962EPSS

CVE•added 2012/10/29 6:55 p.m.•68 views

CVE-2012-4196

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats cer...

6.4CVSS8.8AI score0.00964EPSS

CVE•added 2012/11/21 12:55 p.m.•67 views

CVE-2012-4217

Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3CVSS8.8AI score0.02868EPSS

CVE•added 2016/07/13 3:59 p.m.•67 views

CVE-2015-8808

The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

5.5CVSS5.2AI score0.00294EPSS

CVE•added 2012/11/21 12:55 p.m.•58 views

CVE-2012-4212

Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10CVSS8.8AI score0.02155EPSS

CVE•added 2012/11/21 12:55 p.m.•57 views

CVE-2012-4218

Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10CVSS8.8AI score0.02155EPSS

CVE•added 2014/03/19 10:55 a.m.•54 views

CVE-2014-1501

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.

5.8CVSS8.9AI score0.00229EPSS

CVE•added 2015/04/16 5:0 p.m.•53 views

CVE-2015-2576

Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.

2.1CVSS5.2AI score0.00093EPSS

Total number of security vulnerabilities189