Marcus Updateinfo to OVAL Converter5.52013-08-14T17:14:44 CVE-2012-5252openSUSE 12.1openSUSE 12.1 Update
Unknown.
CVE-2012-5256openSUSE 12.1openSUSE 12.1 Update
Unknown.
CVE-2012-5260openSUSE 12.1openSUSE 12.1 Update
Unknown.
CVE-2012-5264openSUSE 12.1openSUSE 12.1 Update
Unknown.
CVE-2012-5268openSUSE 12.1openSUSE 12.1 Update
Unknown.
CVE-2012-5272openSUSE 12.1openSUSE 12.1 Update
Unknown.
CVE-2002-0389openSUSE 12.1openSUSE 12.1 Update
Unknown.
CVE-2005-4890openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2006-6107openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).
CVE-2006-7246openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2006-7250openSUSE 12.1openSUSE 12.1 Update
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
CVE-2007-0998openSUSE 12.1openSUSE 12.1 Update
The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.
CVE-2007-6750openSUSE 12.1openSUSE 12.1 Update
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
CVE-2008-0595openSUSE 12.1openSUSE 12.1 Update
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
CVE-2008-3834openSUSE 12.1openSUSE 12.1 Update
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
CVE-2008-4311openSUSE 12.1openSUSE 12.1 Update
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
CVE-2008-5587openSUSE 12.1openSUSE 12.1 Update
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
CVE-2009-2693openSUSE 12.1openSUSE 12.1 Update
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
CVE-2009-2901openSUSE 12.1openSUSE 12.1 Update
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
CVE-2009-2902openSUSE 12.1openSUSE 12.1 Update
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
CVE-2009-4020openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
CVE-2009-5026openSUSE 12.1openSUSE 12.1 Update
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
CVE-2009-5029openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
CVE-2010-2494openSUSE 12.1openSUSE 12.1 Update
Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.
CVE-2010-4180openSUSE 12.1openSUSE 12.1 Update
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
CVE-2010-4352openSUSE 12.1openSUSE 12.1 Update
Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
CVE-2010-4409openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
CVE-2011-0433openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
CVE-2011-0523openSUSE 12.1openSUSE 12.1 Update
gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors.
CVE-2011-0524openSUSE 12.1openSUSE 12.1 Update
Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 allow local users to cause a denial of service (crash) via unspecified vectors related to the sprintf function.
CVE-2011-0764openSUSE 12.1openSUSE 12.1 Update
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
CVE-2011-1083openSUSE 12.1openSUSE 12.1 Update
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
CVE-2011-1187openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
CVE-2011-1353openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.
CVE-2011-1398openSUSE 12.1openSUSE 12.1 Update
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.
CVE-2011-1466openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.
CVE-2011-1530openSUSE 12.1openSUSE 12.1 Update
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.
CVE-2011-1552openSUSE 12.1openSUSE 12.1 Update
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.
CVE-2011-1553openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.
CVE-2011-1554openSUSE 12.1openSUSE 12.1 Update
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
CVE-2011-1764openSUSE 12.1openSUSE 12.1 Update
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
CVE-2011-2198openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-2203openSUSE 12.1openSUSE 12.1 Update
The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.
CVE-2011-2262openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.
CVE-2011-2372openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.
CVE-2011-2431openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability."
CVE-2011-2432openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2011-2433openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.
CVE-2011-2434openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.
CVE-2011-2435openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2011-2436openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2011-2437openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.
CVE-2011-2438openSUSE 12.1openSUSE 12.1 Update
Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.
CVE-2011-2439openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability."
CVE-2011-2440openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2011-2441openSUSE 12.1openSUSE 12.1 Update
Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.
CVE-2011-2442openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."
CVE-2011-2445openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
CVE-2011-2450openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2011-2451openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
CVE-2011-2452openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
CVE-2011-2453openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
CVE-2011-2454openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
CVE-2011-2455openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.
CVE-2011-2456openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.
CVE-2011-2457openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.
CVE-2011-2458openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.
CVE-2011-2459openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.
CVE-2011-2460openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.
CVE-2011-2462openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
CVE-2011-2483openSUSE 12.1openSUSE 12.1 Update
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
CVE-2011-2766openSUSE 12.1openSUSE 12.1 Update
The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.
CVE-2011-2899openSUSE 12.1openSUSE 12.1 Update
pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers.
CVE-2011-2985openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2011-2986openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.
CVE-2011-2987openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-2988openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.
CVE-2011-2989openSUSE 12.1openSUSE 12.1 Update
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2011-2991openSUSE 12.1openSUSE 12.1 Update
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2011-2992openSUSE 12.1openSUSE 12.1 Update
The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2011-2996openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2011-2998openSUSE 12.1openSUSE 12.1 Update
Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
CVE-2011-2999openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.
CVE-2011-3000openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.
CVE-2011-3001openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error.
CVE-2011-3005openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.
CVE-2011-3015openSUSE 12.1openSUSE 12.1 Update
Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3016openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.
CVE-2011-3017openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.
CVE-2011-3018openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering.
CVE-2011-3019openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file.
CVE-2011-3020openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors.
CVE-2011-3021openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.
CVE-2011-3022openSUSE 12.1openSUSE 12.1 Update
translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2011-3023openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations.
CVE-2011-3024openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.
CVE-2011-3025openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3026openSUSE 12.1openSUSE 12.1 Update
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
CVE-2011-3027openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
CVE-2011-3031openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3032openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.
CVE-2011-3033openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3034openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.
CVE-2011-3035openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
CVE-2011-3036openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
CVE-2011-3037openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
CVE-2011-3038openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.
CVE-2011-3039openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.
CVE-2011-3040openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
CVE-2011-3041openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.
CVE-2011-3042openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections.
CVE-2011-3043openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements.
CVE-2011-3044openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.
CVE-2011-3045openSUSE 12.1openSUSE 12.1 Update
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
CVE-2011-3046openSUSE 12.1openSUSE 12.1 Update
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
CVE-2011-3047openSUSE 12.1openSUSE 12.1 Update
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.
CVE-2011-3048openSUSE 12.1openSUSE 12.1 Update
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
CVE-2011-3049openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.
CVE-2011-3050openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
CVE-2011-3051openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade function.
CVE-2011-3052openSUSE 12.1openSUSE 12.1 Update
The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2011-3053openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
CVE-2011-3054openSUSE 12.1openSUSE 12.1 Update
The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2011-3055openSUSE 12.1openSUSE 12.1 Update
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.
CVE-2011-3056openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
CVE-2011-3062openSUSE 12.1openSUSE 12.1 Update
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
CVE-2011-3078openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.
CVE-2011-3079openSUSE 12.1openSUSE 12.1 Update
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 does not properly validate messages, which has unspecified impact and attack vectors.
CVE-2011-3080openSUSE 12.1openSUSE 12.1 Update
Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors.
CVE-2011-3081openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
CVE-2011-3083openSUSE 12.1openSUSE 12.1 Update
browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.
CVE-2011-3084openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page.
CVE-2011-3085openSUSE 12.1openSUSE 12.1 Update
The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values.
CVE-2011-3086openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
CVE-2011-3087openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.
CVE-2011-3088openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3089openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
CVE-2011-3090openSUSE 12.1openSUSE 12.1 Update
Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes.
CVE-2011-3091openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3092openSUSE 12.1openSUSE 12.1 Update
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.
CVE-2011-3093openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3094openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3095openSUSE 12.1openSUSE 12.1 Update
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
CVE-2011-3096openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an error in the GTK implementation of the omnibox.
CVE-2011-3098openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory.
CVE-2011-3100openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3101openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products.
CVE-2011-3102openSUSE 12.1openSUSE 12.1 Update
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
CVE-2011-3153openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-3232openSUSE 12.1openSUSE 12.1 Update
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
CVE-2011-3346openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-3347openSUSE 12.1openSUSE 12.1 Update
A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-member VLAN packets.
CVE-2011-3368openSUSE 12.1openSUSE 12.1 Update
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
CVE-2011-3375openSUSE 12.1openSUSE 12.1 Update
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
CVE-2011-3377openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-3389openSUSE 12.1openSUSE 12.1 Update
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
CVE-2011-3439openSUSE 12.1openSUSE 12.1 Update
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
CVE-2011-3563openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
CVE-2011-3571openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. NOTE: this CVE identifier was accidentally used for a Concurrency issue in Java Runtime Environment, but that issue has been reassigned to CVE-2012-0507.
CVE-2011-3594openSUSE 12.1openSUSE 12.1 Update
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
CVE-2011-3598openSUSE 12.1openSUSE 12.1 Update
Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.
CVE-2011-3607openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
CVE-2011-3647openSUSE 12.1openSUSE 12.1 Update
The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.
CVE-2011-3648openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
CVE-2011-3650openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.
CVE-2011-3651openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2011-3652openSUSE 12.1openSUSE 12.1 Update
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2011-3654openSUSE 12.1openSUSE 12.1 Update
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2011-3655openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
CVE-2011-3658openSUSE 12.1openSUSE 12.1 Update
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
CVE-2011-3659openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
CVE-2011-3660openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors.
CVE-2011-3661openSUSE 12.1openSUSE 12.1 Update
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
CVE-2011-3663openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.
CVE-2011-3666openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X.
CVE-2011-3670openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.
CVE-2011-3903openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3904openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text (aka bidi) handling.
CVE-2011-3905openSUSE 12.1openSUSE 12.1 Update
libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3906openSUSE 12.1openSUSE 12.1 Update
The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3907openSUSE 12.1openSUSE 12.1 Update
The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.
CVE-2011-3908openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3909openSUSE 12.1openSUSE 12.1 Update
The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
CVE-2011-3910openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3911openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 16.0.912.63 does not properly handle PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3912openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
CVE-2011-3914openSUSE 12.1openSUSE 12.1 Update
The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
CVE-2011-3915openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts.
CVE-2011-3916openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3917openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3919openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3921openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames.
CVE-2011-3922openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling.
CVE-2011-3924openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.
CVE-2011-3925openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page.
CVE-2011-3926openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3927openSUSE 12.1openSUSE 12.1 Update
Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3928openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
CVE-2011-3953openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.
CVE-2011-3954openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.
CVE-2011-3955openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction.
CVE-2011-3956openSUSE 12.1openSUSE 12.1 Update
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
CVE-2011-3957openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.
CVE-2011-3958openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
CVE-2011-3959openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3960openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3961openSUSE 12.1openSUSE 12.1 Update
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.
CVE-2011-3962openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3963openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3964openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors.
CVE-2011-3965openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2011-3966openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.
CVE-2011-3967openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate.
CVE-2011-3968openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.
CVE-2011-3969openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.
CVE-2011-3970openSUSE 12.1openSUSE 12.1 Update
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3971openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.
CVE-2011-3972openSUSE 12.1openSUSE 12.1 Update
The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-4000openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in ChaSen 2.4.x allows remote attackers to execute arbitrary code via a crafted string.
CVE-2011-4077openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.
CVE-2011-4086openSUSE 12.1openSUSE 12.1 Update
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal.
CVE-2011-4091openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-4093openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-4107openSUSE 12.1openSUSE 12.1 Update
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
CVE-2011-4108openSUSE 12.1openSUSE 12.1 Update
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
CVE-2011-4130openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
CVE-2011-4153openSUSE 12.1openSUSE 12.1 Update
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
CVE-2011-4182openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-4313openSUSE 12.1openSUSE 12.1 Update
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
CVE-2011-4317openSUSE 12.1openSUSE 12.1 Update
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
CVE-2011-4318openSUSE 12.1openSUSE 12.1 Update
Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
CVE-2011-4328openSUSE 12.1openSUSE 12.1 Update
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (word readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.
CVE-2011-4345openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie.
CVE-2011-4349openSUSE 12.1openSUSE 12.1 Update
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
CVE-2011-4362openSUSE 12.1openSUSE 12.1 Update
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.
CVE-2011-4369openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
CVE-2011-4388openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-4405openSUSE 12.1openSUSE 12.1 Update
The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.
CVE-2011-4461openSUSE 12.1openSUSE 12.1 Update
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4516openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
CVE-2011-4517openSUSE 12.1openSUSE 12.1 Update
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
CVE-2011-4539openSUSE 12.1openSUSE 12.1 Update
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
CVE-2011-4566openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.
CVE-2011-4576openSUSE 12.1openSUSE 12.1 Update
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
CVE-2011-4577openSUSE 12.1openSUSE 12.1 Update
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.
CVE-2011-4578openSUSE 12.1openSUSE 12.1 Update
event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.
CVE-2011-4601openSUSE 12.1openSUSE 12.1 Update
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.
CVE-2011-4604openSUSE 12.1openSUSE 12.1 Update
The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet.
CVE-2011-4606openSUSE 12.1openSUSE 12.1 Update
Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory.
CVE-2011-4612openSUSE 12.1openSUSE 12.1 Update
icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL.
CVE-2011-4619openSUSE 12.1openSUSE 12.1 Update
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVE-2011-4620openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information.
CVE-2011-4634openSUSE 12.1openSUSE 12.1 Update
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.
CVE-2011-4681openSUSE 12.1openSUSE 12.1 Update
Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain.
CVE-2011-4682openSUSE 12.1openSUSE 12.1 Update
The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites.
CVE-2011-4683openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."
CVE-2011-4684openSUSE 12.1openSUSE 12.1 Update
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."
CVE-2011-4685openSUSE 12.1openSUSE 12.1 Update
Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com.
CVE-2011-4686openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
CVE-2011-4687openSUSE 12.1openSUSE 12.1 Update
Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a web page, as demonstrated by a page under the cisco.com home page.
CVE-2011-4780openSUSE 12.1openSUSE 12.1 Update
Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.
CVE-2011-4782openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
CVE-2011-4858openSUSE 12.1openSUSE 12.1 Update
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4862openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2011-4868openSUSE 12.1openSUSE 12.1 Update
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.
CVE-2011-4885openSUSE 12.1openSUSE 12.1 Update
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4944openSUSE 12.1openSUSE 12.1 Update
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
CVE-2011-4952openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-4953openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-4954openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-4966openSUSE 12.1openSUSE 12.1 Update
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
CVE-2011-5035openSUSE 12.1openSUSE 12.1 Update
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
CVE-2011-5037openSUSE 12.1openSUSE 12.1 Update
Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js.
CVE-2012-0027openSUSE 12.1openSUSE 12.1 Update
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.
CVE-2012-0029openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
CVE-2012-0031openSUSE 12.1openSUSE 12.1 Update
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
CVE-2012-0036openSUSE 12.1openSUSE 12.1 Update
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
CVE-2012-0037openSUSE 12.1openSUSE 12.1 Update
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
CVE-2012-0041openSUSE 12.1openSUSE 12.1 Update
The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.
CVE-2012-0042openSUSE 12.1openSUSE 12.1 Update
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c.
CVE-2012-0043openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets.
CVE-2012-0050openSUSE 12.1openSUSE 12.1 Update
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
CVE-2012-0053openSUSE 12.1openSUSE 12.1 Update
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
CVE-2012-0056openSUSE 12.1openSUSE 12.1 Update
The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.
CVE-2012-0057openSUSE 12.1openSUSE 12.1 Update
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
CVE-2012-0060:openSUSE 12.1openSUSE 12.1 Update
Unknown.
CVE-2012-0061:openSUSE 12.1openSUSE 12.1 Update
Unknown.
CVE-2012-0065openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list.
CVE-2012-0066openSUSE 12.1openSUSE 12.1 Update
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.
CVE-2012-0067openSUSE 12.1openSUSE 12.1 Update
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
CVE-2012-0068openSUSE 12.1openSUSE 12.1 Update
The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell catpure file containing a record that is too small.
CVE-2012-0075openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
CVE-2012-0087openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.
CVE-2012-0101openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.
CVE-2012-0102openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.
CVE-2012-0105openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions.
CVE-2012-0111openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.
CVE-2012-0112openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
CVE-2012-0113openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
CVE-2012-0114openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.
CVE-2012-0115openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
CVE-2012-0116openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
CVE-2012-0117openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
CVE-2012-0118openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
CVE-2012-0119openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
CVE-2012-0120openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
CVE-2012-0206openSUSE 12.1openSUSE 12.1 Update
common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.
CVE-2012-0207openSUSE 12.1openSUSE 12.1 Update
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.
CVE-2012-0213openSUSE 12.1openSUSE 12.1 Update
The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
CVE-2012-0217openSUSE 12.1openSUSE 12.1 Update
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
CVE-2012-0218openSUSE 12.1openSUSE 12.1 Update
Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.
CVE-2012-0219openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address.
CVE-2012-0247openSUSE 12.1openSUSE 12.1 Update
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
CVE-2012-0248openSUSE 12.1openSUSE 12.1 Update
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
CVE-2012-0259openSUSE 12.1openSUSE 12.1 Update
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
CVE-2012-0260openSUSE 12.1openSUSE 12.1 Update
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
CVE-2012-0270openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-0390openSUSE 12.1openSUSE 12.1 Update
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
CVE-2012-0441openSUSE 12.1openSUSE 12.1 Update
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.
CVE-2012-0442openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-0443openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-0444openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
CVE-2012-0445openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute.
CVE-2012-0446openSUSE 12.1openSUSE 12.1 Update
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.
CVE-2012-0447openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
CVE-2012-0449openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.
CVE-2012-0451openSUSE 12.1openSUSE 12.1 Update
CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers.
CVE-2012-0452openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding.
CVE-2012-0455openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.
CVE-2012-0456openSUSE 12.1openSUSE 12.1 Update
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read.
CVE-2012-0457openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.
CVE-2012-0458openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.
CVE-2012-0459openSUSE 12.1openSUSE 12.1 Update
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe.
CVE-2012-0460openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page.
CVE-2012-0461openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-0462openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-0463openSUSE 12.1openSUSE 12.1 Update
The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android.
CVE-2012-0464openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
CVE-2012-0467openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-0468openSUSE 12.1openSUSE 12.1 Update
The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function.
CVE-2012-0469openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data.
CVE-2012-0470openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems."
CVE-2012-0471openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set.
CVE-2012-0472openSUSE 12.1openSUSE 12.1 Update
The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
CVE-2012-0473openSUSE 12.1openSUSE 12.1 Update
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call.
CVE-2012-0474openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)."
CVE-2012-0475openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields.
CVE-2012-0477openSUSE 12.1openSUSE 12.1 Update
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set.
CVE-2012-0478openSUSE 12.1openSUSE 12.1 Update
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
CVE-2012-0479openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.
CVE-2012-0484openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2012-0485openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.
CVE-2012-0486openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
CVE-2012-0487openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
CVE-2012-0488openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
CVE-2012-0489openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
CVE-2012-0490openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
CVE-2012-0491openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495.
CVE-2012-0492openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.
CVE-2012-0493openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495.
CVE-2012-0494openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.
CVE-2012-0495openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493.
CVE-2012-0496openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
CVE-2012-0497openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2012-0501openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
CVE-2012-0502openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.
CVE-2012-0503openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.
CVE-2012-0505openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
CVE-2012-0506openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.
CVE-2012-0547openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."
CVE-2012-0583openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
CVE-2012-0751openSUSE 12.1openSUSE 12.1 Update
The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-0752openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via leveraging an unspecified "type confusion."
CVE-2012-0753openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.
CVE-2012-0754openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-0755openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.
CVE-2012-0756openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.
CVE-2012-0767openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
CVE-2012-0768openSUSE 12.1openSUSE 12.1 Update
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-0769openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors.
CVE-2012-0773openSUSE 12.1openSUSE 12.1 Update
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-0774openSUSE 12.1openSUSE 12.1 Update
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.
CVE-2012-0775openSUSE 12.1openSUSE 12.1 Update
The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-0777openSUSE 12.1openSUSE 12.1 Update
The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-0779openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
CVE-2012-0781openSUSE 12.1openSUSE 12.1 Update
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
CVE-2012-0788openSUSE 12.1openSUSE 12.1 Update
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
CVE-2012-0789openSUSE 12.1openSUSE 12.1 Update
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
CVE-2012-0791openSUSE 12.1openSUSE 12.1 Update
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.
CVE-2012-0804openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
CVE-2012-0807openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.
CVE-2012-0809openSUSE 12.1openSUSE 12.1 Update
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
CVE-2012-0811openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-0812openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-0815:openSUSE 12.1openSUSE 12.1 Update
Unknown.
CVE-2012-0817openSUSE 12.1openSUSE 12.1 Update
Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.
CVE-2012-0830openSUSE 12.1openSUSE 12.1 Update
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
CVE-2012-0831openSUSE 12.1openSUSE 12.1 Update
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
CVE-2012-0841openSUSE 12.1openSUSE 12.1 Update
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
CVE-2012-0845openSUSE 12.1openSUSE 12.1 Update
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.
CVE-2012-0863openSUSE 12.1openSUSE 12.1 Update
Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.
CVE-2012-0866openSUSE 12.1openSUSE 12.1 Update
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
CVE-2012-0867openSUSE 12.1openSUSE 12.1 Update
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
CVE-2012-0868openSUSE 12.1openSUSE 12.1 Update
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
CVE-2012-0870openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.
CVE-2012-0871openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-0883openSUSE 12.1openSUSE 12.1 Update
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
CVE-2012-0884openSUSE 12.1openSUSE 12.1 Update
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
CVE-2012-0909openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information.
CVE-2012-0957openSUSE 12.1openSUSE 12.1 Update
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.
CVE-2012-1013openSUSE 12.1openSUSE 12.1 Update
The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.
CVE-2012-1014openSUSE 12.1openSUSE 12.1 Update
The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.
CVE-2012-1015openSUSE 12.1openSUSE 12.1 Update
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.
CVE-2012-1016openSUSE 12.1openSUSE 12.1 Update
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.
CVE-2012-1033openSUSE 12.1openSUSE 12.1 Update
The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
CVE-2012-1090openSUSE 12.1openSUSE 12.1 Update
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
CVE-2012-1095openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-1097openSUSE 12.1openSUSE 12.1 Update
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
CVE-2012-1107openSUSE 12.1openSUSE 12.1 Update
The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error.
CVE-2012-1108openSUSE 12.1openSUSE 12.1 Update
The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.
CVE-2012-1111openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-1126openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.
CVE-2012-1127openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
CVE-2012-1128openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
CVE-2012-1129openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.
CVE-2012-1130openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.
CVE-2012-1131openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font.
CVE-2012-1132openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.
CVE-2012-1133openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
CVE-2012-1134openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.
CVE-2012-1135openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.
CVE-2012-1136openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field.
CVE-2012-1137openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.
CVE-2012-1138openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.
CVE-2012-1139openSUSE 12.1openSUSE 12.1 Update
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.
CVE-2012-1140openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.
CVE-2012-1141openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font.
CVE-2012-1142openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.
CVE-2012-1143openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font.
CVE-2012-1144openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
CVE-2012-1146openSUSE 12.1openSUSE 12.1 Update
The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.
CVE-2012-1150openSUSE 12.1openSUSE 12.1 Update
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
CVE-2012-1151openSUSE 12.1openSUSE 12.1 Update
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
CVE-2012-1152openSUSE 12.1openSUSE 12.1 Update
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.
CVE-2012-1162openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."
CVE-2012-1163openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.
CVE-2012-1165openSUSE 12.1openSUSE 12.1 Update
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
CVE-2012-1172openSUSE 12.1openSUSE 12.1 Update
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
CVE-2012-1173openSUSE 12.1openSUSE 12.1 Update
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.
CVE-2012-1174openSUSE 12.1openSUSE 12.1 Update
The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."
CVE-2012-1175openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow.
CVE-2012-1177openSUSE 12.1openSUSE 12.1 Update
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
CVE-2012-1178openSUSE 12.1openSUSE 12.1 Update
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.
CVE-2012-1180openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
CVE-2012-1182openSUSE 12.1openSUSE 12.1 Update
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
CVE-2012-1185openSUSE 12.1openSUSE 12.1 Update
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.
CVE-2012-1186openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.
CVE-2012-1190openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name.
CVE-2012-1457openSUSE 12.1openSUSE 12.1 Update
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVE-2012-1458openSUSE 12.1openSUSE 12.1 Update
The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations.
CVE-2012-1459openSUSE 12.1openSUSE 12.1 Update
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVE-2012-1502openSUSE 12.1openSUSE 12.1 Update
Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.
CVE-2012-1521openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2012-1530openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623.
CVE-2012-1535openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
CVE-2012-1569openSUSE 12.1openSUSE 12.1 Update
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
CVE-2012-1571openSUSE 12.1openSUSE 12.1 Update
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
CVE-2012-1573openSUSE 12.1openSUSE 12.1 Update
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
CVE-2012-1584openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation.
CVE-2012-1586openSUSE 12.1openSUSE 12.1 Update
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
CVE-2012-1593openSUSE 12.1openSUSE 12.1 Update
epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.
CVE-2012-1595openSUSE 12.1openSUSE 12.1 Update
The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers.
CVE-2012-1596openSUSE 12.1openSUSE 12.1 Update
The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt.
CVE-2012-1600openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-1610openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259.
CVE-2012-1663openSUSE 12.1openSUSE 12.1 Update
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
CVE-2012-1667openSUSE 12.1openSUSE 12.1 Update
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
CVE-2012-1682openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."
CVE-2012-1688openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.
CVE-2012-1690openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVE-2012-1696openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVE-2012-1697openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
CVE-2012-1703openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVE-2012-1711openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.
CVE-2012-1713openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2012-1716openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
CVE-2012-1717openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
CVE-2012-1718openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
CVE-2012-1719openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.
CVE-2012-1723openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVE-2012-1724openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP.
CVE-2012-1725openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVE-2012-1798openSUSE 12.1openSUSE 12.1 Update
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
CVE-2012-1823openSUSE 12.1openSUSE 12.1 Update
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
CVE-2012-1902openSUSE 12.1openSUSE 12.1 Update
show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.
CVE-2012-1924openSUSE 12.1openSUSE 12.1 Update
Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog.
CVE-2012-1925openSUSE 12.1openSUSE 12.1 Update
Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files via a download dialog located under other windows.
CVE-2012-1926openSUSE 12.1openSUSE 12.1 Update
Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.
CVE-2012-1927openSUSE 12.1openSUSE 12.1 Update
Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain.
CVE-2012-1928openSUSE 12.1openSUSE 12.1 Update
Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain.
CVE-2012-1929openSUSE 12.1openSUSE 12.1 Update
Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area.
CVE-2012-1930openSUSE 12.1openSUSE 12.1 Update
Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files.
CVE-2012-1931openSUSE 12.1openSUSE 12.1 Update
Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing.
CVE-2012-1937openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-1938openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.
CVE-2012-1940openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column.
CVE-2012-1941openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns.
CVE-2012-1944openSUSE 12.1openSUSE 12.1 Update
The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document.
CVE-2012-1945openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
CVE-2012-1946openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node.
CVE-2012-1947openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.
CVE-2012-1948openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-1949openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-1950openSUSE 12.1openSUSE 12.1 Update
The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.
CVE-2012-1951openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.
CVE-2012-1952openSUSE 12.1openSUSE 12.1 Update
The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site.
CVE-2012-1953openSUSE 12.1openSUSE 12.1 Update
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site.
CVE-2012-1954openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.
CVE-2012-1955openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.
CVE-2012-1956openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
CVE-2012-1957openSUSE 12.1openSUSE 12.1 Update
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.
CVE-2012-1958openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content.
CVE-2012-1959openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content.
CVE-2012-1960openSUSE 12.1openSUSE 12.1 Update
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.
CVE-2012-1961openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values.
CVE-2012-1962openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.
CVE-2012-1963openSUSE 12.1openSUSE 12.1 Update
The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.
CVE-2012-1964openSUSE 12.1openSUSE 12.1 Update
The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element.
CVE-2012-1965openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.
CVE-2012-1966openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
CVE-2012-1967openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.
CVE-2012-1970openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-1972openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1973openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1974openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1975openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1976openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1986openSUSE 12.1openSUSE 12.1 Update
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.
CVE-2012-1987openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
CVE-2012-1988openSUSE 12.1openSUSE 12.1 Update
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
CVE-2012-1989openSUSE 12.1openSUSE 12.1 Update
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
CVE-2012-2034openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.
CVE-2012-2035openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
CVE-2012-2036openSUSE 12.1openSUSE 12.1 Update
Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
CVE-2012-2037openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034.
CVE-2012-2038openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
CVE-2012-2039openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
CVE-2012-2040openSUSE 12.1openSUSE 12.1 Update
Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory.
CVE-2012-2088openSUSE 12.1openSUSE 12.1 Update
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.
CVE-2012-2106openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-2107openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-2108openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-2110openSUSE 12.1openSUSE 12.1 Update
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
CVE-2012-2111openSUSE 12.1openSUSE 12.1 Update
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
CVE-2012-2113openSUSE 12.1openSUSE 12.1 Update
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
CVE-2012-2119openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.
CVE-2012-2122openSUSE 12.1openSUSE 12.1 Update
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
CVE-2012-2123openSUSE 12.1openSUSE 12.1 Update
The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.
CVE-2012-2135openSUSE 12.1openSUSE 12.1 Update
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.
CVE-2012-2136openSUSE 12.1openSUSE 12.1 Update
The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.
CVE-2012-2141openSUSE 12.1openSUSE 12.1 Update
Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
CVE-2012-2143openSUSE 12.1openSUSE 12.1 Update
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
CVE-2012-2311openSUSE 12.1openSUSE 12.1 Update
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
CVE-2012-2318openSUSE 12.1openSUSE 12.1 Update
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
CVE-2012-2328openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-2333openSUSE 12.1openSUSE 12.1 Update
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
CVE-2012-2335openSUSE 12.1openSUSE 12.1 Update
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
CVE-2012-2336openSUSE 12.1openSUSE 12.1 Update
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
CVE-2012-2337openSUSE 12.1openSUSE 12.1 Update
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
CVE-2012-2369openSUSE 12.1openSUSE 12.1 Update
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.
CVE-2012-2370openSUSE 12.1openSUSE 12.1 Update
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
CVE-2012-2373openSUSE 12.1openSUSE 12.1 Update
The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.
CVE-2012-2386openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
CVE-2012-2388openSUSE 12.1openSUSE 12.1 Update
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
CVE-2012-2392openSUSE 12.1openSUSE 12.1 Update
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.
CVE-2012-2393openSUSE 12.1openSUSE 12.1 Update
epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.
CVE-2012-2394openSUSE 12.1openSUSE 12.1 Update
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
CVE-2012-2395openSUSE 12.1openSUSE 12.1 Update
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
CVE-2012-2396openSUSE 12.1openSUSE 12.1 Update
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
CVE-2012-2582openSUSE 12.1openSUSE 12.1 Update
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
CVE-2012-2625openSUSE 12.1openSUSE 12.1 Update
The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.
CVE-2012-2652openSUSE 12.1openSUSE 12.1 Update
The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.
CVE-2012-2653openSUSE 12.1openSUSE 12.1 Update
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
CVE-2012-2655openSUSE 12.1openSUSE 12.1 Update
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.
CVE-2012-2660openSUSE 12.1openSUSE 12.1 Update
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694.
CVE-2012-2663openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-2669openSUSE 12.1openSUSE 12.1 Update
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.
CVE-2012-2686openSUSE 12.1openSUSE 12.1 Update
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
CVE-2012-2687openSUSE 12.1openSUSE 12.1 Update
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
CVE-2012-2688openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
CVE-2012-2694openSUSE 12.1openSUSE 12.1 Update
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660.
CVE-2012-2695openSUSE 12.1openSUSE 12.1 Update
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.
CVE-2012-2733openSUSE 12.1openSUSE 12.1 Update
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
CVE-2012-2736openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-2737openSUSE 12.1openSUSE 12.1 Update
The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.
CVE-2012-2738openSUSE 12.1openSUSE 12.1 Update
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
CVE-2012-2745openSUSE 12.1openSUSE 12.1 Update
The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.
CVE-2012-2763openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.
CVE-2012-2806openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.
CVE-2012-2807openSUSE 12.1openSUSE 12.1 Update
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2012-2812openSUSE 12.1openSUSE 12.1 Update
The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
CVE-2012-2813openSUSE 12.1openSUSE 12.1 Update
The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
CVE-2012-2814openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
CVE-2012-2815openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain.
CVE-2012-2816openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors.
CVE-2012-2817openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections.
CVE-2012-2818openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature.
CVE-2012-2819openSUSE 12.1openSUSE 12.1 Update
The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL performance tests, aka rdar problem 11520387.
CVE-2012-2820openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-2821openSUSE 12.1openSUSE 12.1 Update
The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors.
CVE-2012-2823openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources.
CVE-2012-2825openSUSE 12.1openSUSE 12.1 Update
The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
CVE-2012-2826openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-2829openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
CVE-2012-2830openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors.
CVE-2012-2831openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references.
CVE-2012-2834openSUSE 12.1openSUSE 12.1 Update
Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.
CVE-2012-2836openSUSE 12.1openSUSE 12.1 Update
The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
CVE-2012-2837openSUSE 12.1openSUSE 12.1 Update
The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.
CVE-2012-2840openSUSE 12.1openSUSE 12.1 Update
Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
CVE-2012-2841openSUSE 12.1openSUSE 12.1 Update
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
CVE-2012-2842openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.
CVE-2012-2843openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking.
CVE-2012-2865openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
CVE-2012-2866openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
CVE-2012-2867openSUSE 12.1openSUSE 12.1 Update
The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2012-2868openSUSE 12.1openSUSE 12.1 Update
Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.
CVE-2012-2869openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."
CVE-2012-2870openSUSE 12.1openSUSE 12.1 Update
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
CVE-2012-2871openSUSE 12.1openSUSE 12.1 Update
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
CVE-2012-2872openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2874openSUSE 12.1openSUSE 12.1 Update
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883.
CVE-2012-2876openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2012-2877openSUSE 12.1openSUSE 12.1 Update
The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2012-2878openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.
CVE-2012-2879openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document.
CVE-2012-2880openSUSE 12.1openSUSE 12.1 Update
Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer.
CVE-2012-2881openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2012-2882openSUSE 12.1openSUSE 12.1 Update
FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue.
CVE-2012-2883openSUSE 12.1openSUSE 12.1 Update
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2874.
CVE-2012-2884openSUSE 12.1openSUSE 12.1 Update
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-2885openSUSE 12.1openSUSE 12.1 Update
Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to application exit.
CVE-2012-2886openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Universal XSS (UXSS)."
CVE-2012-2887openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events.
CVE-2012-2888openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text references.
CVE-2012-2889openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."
CVE-2012-2891openSUSE 12.1openSUSE 12.1 Update
The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors.
CVE-2012-2892openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors.
CVE-2012-2893openSUSE 12.1openSUSE 12.1 Update
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
CVE-2012-2894openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2012-2896openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2012-2934openSUSE 12.1openSUSE 12.1 Update
Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.
CVE-2012-2944openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.
CVE-2012-3216openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
CVE-2012-3236openSUSE 12.1openSUSE 12.1 Update
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
CVE-2012-3355openSUSE 12.1openSUSE 12.1 Update
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
CVE-2012-3356openSUSE 12.1openSUSE 12.1 Update
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2012-3357openSUSE 12.1openSUSE 12.1 Update
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."
CVE-2012-3365openSUSE 12.1openSUSE 12.1 Update
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.
CVE-2012-3382openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
CVE-2012-3401openSUSE 12.1openSUSE 12.1 Update
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.
CVE-2012-3403openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."
CVE-2012-3410openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.
CVE-2012-3412openSUSE 12.1openSUSE 12.1 Update
The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.
CVE-2012-3418openSUSE 12.1openSUSE 12.1 Update
libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.
CVE-2012-3419openSUSE 12.1openSUSE 12.1 Update
Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
CVE-2012-3420openSUSE 12.1openSUSE 12.1 Update
Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.
CVE-2012-3421openSUSE 12.1openSUSE 12.1 Update
The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."
CVE-2012-3422openSUSE 12.1openSUSE 12.1 Update
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
CVE-2012-3423openSUSE 12.1openSUSE 12.1 Update
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
CVE-2012-3425openSUSE 12.1openSUSE 12.1 Update
The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.
CVE-2012-3432openSUSE 12.1openSUSE 12.1 Update
The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.
CVE-2012-3433openSUSE 12.1openSUSE 12.1 Update
Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown.
CVE-2012-3437openSUSE 12.1openSUSE 12.1 Update
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.
CVE-2012-3438openSUSE 12.1openSUSE 12.1 Update
The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.
CVE-2012-3441openSUSE 12.1openSUSE 12.1 Update
The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors.
CVE-2012-3442openSUSE 12.1openSUSE 12.1 Update
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.
CVE-2012-3443openSUSE 12.1openSUSE 12.1 Update
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.
CVE-2012-3444openSUSE 12.1openSUSE 12.1 Update
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.
CVE-2012-3445openSUSE 12.1openSUSE 12.1 Update
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
CVE-2012-3455openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
CVE-2012-3461openSUSE 12.1openSUSE 12.1 Update
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow.
CVE-2012-3464openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.
CVE-2012-3465openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
CVE-2012-3481openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2012-3488openSUSE 12.1openSUSE 12.1 Update
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.
CVE-2012-3489openSUSE 12.1openSUSE 12.1 Update
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
CVE-2012-3494openSUSE 12.1openSUSE 12.1 Update
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.
CVE-2012-3495openSUSE 12.1openSUSE 12.1 Update
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.
CVE-2012-3496openSUSE 12.1openSUSE 12.1 Update
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.
CVE-2012-3497openSUSE 12.1openSUSE 12.1 Update
(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id.
CVE-2012-3498openSUSE 12.1openSUSE 12.1 Update
PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.
CVE-2012-3499openSUSE 12.1openSUSE 12.1 Update
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
CVE-2012-3500openSUSE 12.1openSUSE 12.1 Update
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
CVE-2012-3515openSUSE 12.1openSUSE 12.1 Update
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
CVE-2012-3524openSUSE 12.1openSUSE 12.1 Update
libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."
CVE-2012-3546openSUSE 12.1openSUSE 12.1 Update
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
CVE-2012-3547openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
CVE-2012-3570openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.
CVE-2012-3571openSUSE 12.1openSUSE 12.1 Update
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
CVE-2012-3817openSUSE 12.1openSUSE 12.1 Update
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
CVE-2012-3864openSUSE 12.1openSUSE 12.1 Update
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.
CVE-2012-3865openSUSE 12.1openSUSE 12.1 Update
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
CVE-2012-3866openSUSE 12.1openSUSE 12.1 Update
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.
CVE-2012-3867openSUSE 12.1openSUSE 12.1 Update
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
CVE-2012-3868openSUSE 12.1openSUSE 12.1 Update
Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
CVE-2012-3954openSUSE 12.1openSUSE 12.1 Update
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
CVE-2012-3955openSUSE 12.1openSUSE 12.1 Update
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
CVE-2012-3956openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-3957openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-3958openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-3959openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-3960openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-3961openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-3962openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.
CVE-2012-3963openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-3964openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-3965openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window.
CVE-2012-3966openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.
CVE-2012-3967openSUSE 12.1openSUSE 12.1 Update
The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.
CVE-2012-3968openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.
CVE-2012-3969openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow.
CVE-2012-3970openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another.
CVE-2012-3971openSUSE 12.1openSUSE 12.1 Update
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.
CVE-2012-3972openSUSE 12.1openSUSE 12.1 Update
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.
CVE-2012-3973openSUSE 12.1openSUSE 12.1 Update
The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.
CVE-2012-3975openSUSE 12.1openSUSE 12.1 Update
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.
CVE-2012-3976openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.
CVE-2012-3978openSUSE 12.1openSUSE 12.1 Update
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code.
CVE-2012-3980openSUSE 12.1openSUSE 12.1 Update
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.
CVE-2012-3982openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-3983openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-3984openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.
CVE-2012-3985openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.
CVE-2012-3986openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.
CVE-2012-3988openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation.
CVE-2012-3989openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.
CVE-2012-3990openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.
CVE-2012-3991openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.
CVE-2012-3992openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object.
CVE-2012-3993openSUSE 12.1openSUSE 12.1 Update
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.
CVE-2012-3994openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.
CVE-2012-3995openSUSE 12.1openSUSE 12.1 Update
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-4048openSUSE 12.1openSUSE 12.1 Update
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.
CVE-2012-4049openSUSE 12.1openSUSE 12.1 Update
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
CVE-2012-4179openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-4180openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-4182openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-4183openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-4184openSUSE 12.1openSUSE 12.1 Update
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.
CVE-2012-4185openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-4186openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-4187openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors.
CVE-2012-4188openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-4191openSUSE 12.1openSUSE 12.1 Update
The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2012-4192openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.
CVE-2012-4193openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
CVE-2012-4194openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
CVE-2012-4195openSUSE 12.1openSUSE 12.1 Update
The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.
CVE-2012-4196openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.
CVE-2012-4201openSUSE 12.1openSUSE 12.1 Update
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.
CVE-2012-4202openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image.
CVE-2012-4203openSUSE 12.1openSUSE 12.1 Update
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.
CVE-2012-4204openSUSE 12.1openSUSE 12.1 Update
The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CVE-2012-4205openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.
CVE-2012-4207openSUSE 12.1openSUSE 12.1 Update
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
CVE-2012-4208openSUSE 12.1openSUSE 12.1 Update
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
CVE-2012-4209openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.
CVE-2012-4210openSUSE 12.1openSUSE 12.1 Update
The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.
CVE-2012-4212openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-4213openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-4214openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840.
CVE-2012-4215openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-4216openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-4217openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-4218openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-4219openSUSE 12.1openSUSE 12.1 Update
show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.
CVE-2012-4233openSUSE 12.1openSUSE 12.1 Update
LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll.
CVE-2012-4244openSUSE 12.1openSUSE 12.1 Update
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
CVE-2012-4285openSUSE 12.1openSUSE 12.1 Update
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message.
CVE-2012-4288openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.
CVE-2012-4289openSUSE 12.1openSUSE 12.1 Update
epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.
CVE-2012-4290openSUSE 12.1openSUSE 12.1 Update
The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.
CVE-2012-4291openSUSE 12.1openSUSE 12.1 Update
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
CVE-2012-4292openSUSE 12.1openSUSE 12.1 Update
The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2012-4293openSUSE 12.1openSUSE 12.1 Update
plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.
CVE-2012-4296openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.
CVE-2012-4345openSUSE 12.1openSUSE 12.1 Update
Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.
CVE-2012-4405openSUSE 12.1openSUSE 12.1 Update
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
CVE-2012-4409openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.
CVE-2012-4411openSUSE 12.1openSUSE 12.1 Update
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.
CVE-2012-4414openSUSE 12.1openSUSE 12.1 Update
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
CVE-2012-4416openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot.
CVE-2012-4423openSUSE 12.1openSUSE 12.1 Update
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.
CVE-2012-4431openSUSE 12.1openSUSE 12.1 Update
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
CVE-2012-4445openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.
CVE-2012-4447openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.
CVE-2012-4464openSUSE 12.1openSUSE 12.1 Update
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.
CVE-2012-4465openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.
CVE-2012-4466openSUSE 12.1openSUSE 12.1 Update
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
CVE-2012-4504openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.
CVE-2012-4505openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.
CVE-2012-4507openSUSE 12.1openSUSE 12.1 Update
The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.
CVE-2012-4512openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-4513openSUSE 12.1openSUSE 12.1 Update
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.
CVE-2012-4514openSUSE 12.1openSUSE 12.1 Update
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."
CVE-2012-4515openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.
CVE-2012-4527openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability.
CVE-2012-4530openSUSE 12.1openSUSE 12.1 Update
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-4534openSUSE 12.1openSUSE 12.1 Update
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
CVE-2012-4535openSUSE 12.1openSUSE 12.1 Update
Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."
CVE-2012-4536openSUSE 12.1openSUSE 12.1 Update
The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read.
CVE-2012-4537openSUSE 12.1openSUSE 12.1 Update
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability."
CVE-2012-4538openSUSE 12.1openSUSE 12.1 Update
The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.
CVE-2012-4539openSUSE 12.1openSUSE 12.1 Update
Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability."
CVE-2012-4540openSUSE 12.1openSUSE 12.1 Update
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, and 1.3.x before 1.3.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet."
CVE-2012-4544openSUSE 12.1openSUSE 12.1 Update
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
CVE-2012-4548openSUSE 12.1openSUSE 12.1 Update
Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.
CVE-2012-4552openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.
CVE-2012-4557openSUSE 12.1openSUSE 12.1 Update
The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
CVE-2012-4558openSUSE 12.1openSUSE 12.1 Update
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
CVE-2012-4559openSUSE 12.1openSUSE 12.1 Update
Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2012-4560openSUSE 12.1openSUSE 12.1 Update
Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2012-4561openSUSE 12.1openSUSE 12.1 Update
The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers cause a denial of service (crash) via unspecified vectors.
CVE-2012-4562openSUSE 12.1openSUSE 12.1 Update
Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.
CVE-2012-4564openSUSE 12.1openSUSE 12.1 Update
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
CVE-2012-4600openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.
CVE-2012-4751openSUSE 12.1openSUSE 12.1 Update
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
CVE-2012-4929openSUSE 12.1openSUSE 12.1 Update
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
CVE-2012-5068openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CVE-2012-5069openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency.
CVE-2012-5071openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX.
CVE-2012-5072openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security.
CVE-2012-5073openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
CVE-2012-5075openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX.
CVE-2012-5077openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security.
CVE-2012-5079openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
CVE-2012-5081openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.
CVE-2012-5084openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
CVE-2012-5085openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE.
CVE-2012-5086openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
CVE-2012-5089openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
CVE-2012-5130openSUSE 12.1openSUSE 12.1 Update
Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-5131openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2012-5132openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding.
CVE-2012-5133openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
CVE-2012-5134openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
CVE-2012-5135openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
CVE-2012-5136openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.
CVE-2012-5137openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API.
CVE-2012-5138openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors.
CVE-2012-5139openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events.
CVE-2012-5140openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader.
CVE-2012-5141openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors.
CVE-2012-5142openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2012-5143openSUSE 12.1openSUSE 12.1 Update
Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers.
CVE-2012-5144openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."
CVE-2012-5145openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.
CVE-2012-5146openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL.
CVE-2012-5147openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
CVE-2012-5148openSUSE 12.1openSUSE 12.1 Update
The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors.
CVE-2012-5149openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2012-5150openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.
CVE-2012-5152openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.
CVE-2012-5153openSUSE 12.1openSUSE 12.1 Update
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory.
CVE-2012-5154openSUSE 12.1openSUSE 12.1 Update
Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory.
CVE-2012-5166openSUSE 12.1openSUSE 12.1 Update
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
CVE-2012-5248openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
CVE-2012-5249openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
CVE-2012-5250openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
CVE-2012-5251openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
CVE-2012-5253openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
CVE-2012-5254openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
CVE-2012-5255openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
CVE-2012-5257openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
CVE-2012-5258openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
CVE-2012-5259openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
CVE-2012-5261openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
CVE-2012-5262openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
CVE-2012-5263openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
CVE-2012-5265openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
CVE-2012-5266openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
CVE-2012-5267openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
CVE-2012-5269openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
CVE-2012-5270openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
CVE-2012-5271openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
CVE-2012-5274openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.
CVE-2012-5275openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.
CVE-2012-5276openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280.
CVE-2012-5277openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280.
CVE-2012-5278openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
CVE-2012-5279openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-5280openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277.
CVE-2012-5339openSUSE 12.1openSUSE 12.1 Update
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.
CVE-2012-5368openSUSE 12.1openSUSE 12.1 Update
phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.
CVE-2012-5510openSUSE 12.1openSUSE 12.1 Update
Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.
CVE-2012-5511openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.
CVE-2012-5512openSUSE 12.1openSUSE 12.1 Update
Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.
CVE-2012-5513openSUSE 12.1openSUSE 12.1 Update
The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.
CVE-2012-5514openSUSE 12.1openSUSE 12.1 Update
The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors.
CVE-2012-5515openSUSE 12.1openSUSE 12.1 Update
The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.
CVE-2012-5526openSUSE 12.1openSUSE 12.1 Update
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
CVE-2012-5534openSUSE 12.1openSUSE 12.1 Update
The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."
CVE-2012-5565openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-5566openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-5567openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-5568openSUSE 12.1openSUSE 12.1 Update
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
CVE-2012-5576openSUSE 12.1openSUSE 12.1 Update
Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.
CVE-2012-5581openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
CVE-2012-5592openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6052. Reason: This candidate is a reservation duplicate of CVE-2012-6052. Notes: All CVE users should reference CVE-2012-6052 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-5593openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6053. Reason: This candidate is a reservation duplicate of CVE-2012-6053. Notes: All CVE users should reference CVE-2012-6053 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-5594openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6054. Reason: This candidate is a reservation duplicate of CVE-2012-6054. Notes: All CVE users should reference CVE-2012-6054 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-5595openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6056. Reason: This candidate is a reservation duplicate of CVE-2012-6056. Notes: All CVE users should reference CVE-2012-6056 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-5596openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6057. Reason: This candidate is a reservation duplicate of CVE-2012-6057. Notes: All CVE users should reference CVE-2012-6057 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-5597openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6059. Reason: This candidate is a reservation duplicate of CVE-2012-6059. Notes: All CVE users should reference CVE-2012-6059 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-5598openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6060. Reason: This candidate is a reservation duplicate of CVE-2012-6060. Notes: All CVE users should reference CVE-2012-6060 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-5599openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6061. Reason: This candidate is a reservation duplicate of CVE-2012-6061. Notes: All CVE users should reference CVE-2012-6061 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-5600openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6062. Reason: This candidate is a reservation duplicate of CVE-2012-6062. Notes: All CVE users should reference CVE-2012-6062 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-5601openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6055. Reason: This candidate is a reservation duplicate of CVE-2012-6055. Notes: All CVE users should reference CVE-2012-6055 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-5602openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6058. Reason: This candidate is a reservation duplicate of CVE-2012-6058. Notes: All CVE users should reference CVE-2012-6058 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-5611openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
CVE-2012-5624openSUSE 12.1openSUSE 12.1 Update
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
CVE-2012-5634openSUSE 12.1openSUSE 12.1 Update
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt.
CVE-2012-5642openSUSE 12.1openSUSE 12.1 Update
server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.
CVE-2012-5643openSUSE 12.1openSUSE 12.1 Update
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.
CVE-2012-5656openSUSE 12.1openSUSE 12.1 Update
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
CVE-2012-5664openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6496, CVE-2012-6497. Reason: this candidate was intended for one issue, but the candidate was publicly used to label concerns about multiple products. Notes: All CVE users should consult CVE-2012-6496 and CVE-2012-6497 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-5668openSUSE 12.1openSUSE 12.1 Update
FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.
CVE-2012-5669openSUSE 12.1openSUSE 12.1 Update
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.
CVE-2012-5671openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
CVE-2012-5676openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
CVE-2012-5677openSUSE 12.1openSUSE 12.1 Update
Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
CVE-2012-5678openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-5688openSUSE 12.1openSUSE 12.1 Update
ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
CVE-2012-5783openSUSE 12.1openSUSE 12.1 Update
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2012-5829openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-5830openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.
CVE-2012-5833openSUSE 12.1openSUSE 12.1 Update
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.
CVE-2012-5835openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.
CVE-2012-5836openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.
CVE-2012-5837openSUSE 12.1openSUSE 12.1 Update
The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
CVE-2012-5838openSUSE 12.1openSUSE 12.1 Update
The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.
CVE-2012-5839openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-5840openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.
CVE-2012-5841openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
CVE-2012-5842openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-5843openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-5854openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded.
CVE-2012-5885openSUSE 12.1openSUSE 12.1 Update
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
CVE-2012-5886openSUSE 12.1openSUSE 12.1 Update
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
CVE-2012-5887openSUSE 12.1openSUSE 12.1 Update
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
CVE-2012-5958openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.
CVE-2012-5959openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.
CVE-2012-5960openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.
CVE-2012-6075openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
CVE-2012-6076openSUSE 12.1openSUSE 12.1 Update
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
CVE-2012-6085openSUSE 12.1openSUSE 12.1 Update
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
CVE-2012-6093openSUSE 12.1openSUSE 12.1 Update
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
CVE-2012-6096openSUSE 12.1openSUSE 12.1 Update
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
CVE-2012-6109openSUSE 12.1openSUSE 12.1 Update
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.
CVE-2012-6129openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
CVE-2012-6139openSUSE 12.1openSUSE 12.1 Update
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
CVE-2012-6329openSUSE 12.1openSUSE 12.1 Update
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
CVE-2012-CVE-2012-3523openSUSE 12.1openSUSE 12.1 Update
Unknown.
CVE-2013-0153openSUSE 12.1openSUSE 12.1 Update
The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.
CVE-2013-0154openSUSE 12.1openSUSE 12.1 Update
The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.
CVE-2013-0155openSUSE 12.1openSUSE 12.1 Update
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
CVE-2013-0156openSUSE 12.1openSUSE 12.1 Update
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
CVE-2013-0160openSUSE 12.1openSUSE 12.1 Update
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
CVE-2013-0166openSUSE 12.1openSUSE 12.1 Update
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
CVE-2013-0169openSUSE 12.1openSUSE 12.1 Update
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
CVE-2013-0170openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
CVE-2013-0183openSUSE 12.1openSUSE 12.1 Update
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
CVE-2013-0184openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."
CVE-2013-0213openSUSE 12.1openSUSE 12.1 Update
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
CVE-2013-0214openSUSE 12.1openSUSE 12.1 Update
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
CVE-2013-0216openSUSE 12.1openSUSE 12.1 Update
The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.
CVE-2013-0221openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2013-0222openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2013-0223openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2013-0231openSUSE 12.1openSUSE 12.1 Update
The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.
CVE-2013-0240openSUSE 12.1openSUSE 12.1 Update
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
CVE-2013-0254openSUSE 12.1openSUSE 12.1 Update
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
CVE-2013-0255openSUSE 12.1openSUSE 12.1 Update
PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.
CVE-2013-0256openSUSE 12.1openSUSE 12.1 Update
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
CVE-2013-0262openSUSE 12.1openSUSE 12.1 Update
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
CVE-2013-0263openSUSE 12.1openSUSE 12.1 Update
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving am HMAC comparison function that does not run in constant time.
CVE-2013-0268openSUSE 12.1openSUSE 12.1 Update
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
CVE-2013-0269openSUSE 12.1openSUSE 12.1 Update
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."
CVE-2013-0271openSUSE 12.1openSUSE 12.1 Update
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
CVE-2013-0272openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.
CVE-2013-0273openSUSE 12.1openSUSE 12.1 Update
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-0274openSUSE 12.1openSUSE 12.1 Update
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
CVE-2013-0276openSUSE 12.1openSUSE 12.1 Update
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
CVE-2013-0277openSUSE 12.1openSUSE 12.1 Update
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
CVE-2013-0288openSUSE 12.1openSUSE 12.1 Update
nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro.
CVE-2013-0296openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2013-0308openSUSE 12.1openSUSE 12.1 Update
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-0309openSUSE 12.1openSUSE 12.1 Update
arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application.
CVE-2013-0333openSUSE 12.1openSUSE 12.1 Update
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
CVE-2013-0338openSUSE 12.1openSUSE 12.1 Update
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.
CVE-2013-0401openSUSE 12.1openSUSE 12.1 Update
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.
CVE-2013-0420openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary."
CVE-2013-0424openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
CVE-2013-0425openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
CVE-2013-0426openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
CVE-2013-0427openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
CVE-2013-0428openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
CVE-2013-0429openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
CVE-2013-0432openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks."
CVE-2013-0433openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
CVE-2013-0434openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
CVE-2013-0435openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."
CVE-2013-0440openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
CVE-2013-0441openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
CVE-2013-0442openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
CVE-2013-0443openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
CVE-2013-0450openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
CVE-2013-0454openSUSE 12.1openSUSE 12.1 Update
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.
CVE-2013-0504openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows attackers to execute arbitrary code via unspecified vectors.
CVE-2013-0601openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623.
CVE-2013-0602openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2013-0603openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0604.
CVE-2013-0604openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0603.
CVE-2013-0605openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623.
CVE-2013-0606openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621.
CVE-2013-0607openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0608, CVE-2013-0611, CVE-2013-0614, and CVE-2013-0618.
CVE-2013-0608openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0611, CVE-2013-0614, and CVE-2013-0618.
CVE-2013-0609openSUSE 12.1openSUSE 12.1 Update
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0613.
CVE-2013-0610openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0626.
CVE-2013-0611openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0614, and CVE-2013-0618.
CVE-2013-0612openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621.
CVE-2013-0613openSUSE 12.1openSUSE 12.1 Update
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0609.
CVE-2013-0614openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0618.
CVE-2013-0615openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0617, and CVE-2013-0621.
CVE-2013-0616openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623.
CVE-2013-0617openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, and CVE-2013-0621.
CVE-2013-0618openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0614.
CVE-2013-0619openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0620, and CVE-2013-0623.
CVE-2013-0620openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, and CVE-2013-0623.
CVE-2013-0621openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, and CVE-2013-0617.
CVE-2013-0622openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0624.
CVE-2013-0623openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, and CVE-2013-0620.
CVE-2013-0624openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0622.
CVE-2013-0626openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0610.
CVE-2013-0627openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows local users to gain privileges via unknown vectors.
CVE-2013-0630openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2013-0633openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2013-0634openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.
CVE-2013-0637openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors.
CVE-2013-0638openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0647.
CVE-2013-0639openSUSE 12.1openSUSE 12.1 Update
Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2013-0640openSUSE 12.1openSUSE 12.1 Update
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.
CVE-2013-0641openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
CVE-2013-0642openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
CVE-2013-0643openSUSE 12.1openSUSE 12.1 Update
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2013-0644openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0649 and CVE-2013-1374.
CVE-2013-0645openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
CVE-2013-0646openSUSE 12.1openSUSE 12.1 Update
Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2013-0647openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0638.
CVE-2013-0648openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2013-0649openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-1374.
CVE-2013-0650openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2013-0743openSUSE 12.1openSUSE 12.1 Update
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none.
CVE-2013-0744openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups.
CVE-2013-0745openSUSE 12.1openSUSE 12.1 Update
The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects.
CVE-2013-0746openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection.
CVE-2013-0747openSUSE 12.1openSUSE 12.1 Update
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.
CVE-2013-0748openSUSE 12.1openSUSE 12.1 Update
The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.
CVE-2013-0749openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-0750openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow.
CVE-2013-0751openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.
CVE-2013-0752openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.
CVE-2013-0753openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.
CVE-2013-0754openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects.
CVE-2013-0755openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer.
CVE-2013-0756openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection.
CVE-2013-0757openSUSE 12.1openSUSE 12.1 Update
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.
CVE-2013-0758openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
CVE-2013-0759openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code.
CVE-2013-0760openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
CVE-2013-0761openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2013-0762openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2013-0763openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas.
CVE-2013-0764openSUSE 12.1openSUSE 12.1 Update
The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.
CVE-2013-0765openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-0766openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2013-0767openSUSE 12.1openSUSE 12.1 Update
The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2013-0768openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values.
CVE-2013-0769openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-0770openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-0771openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
CVE-2013-0772openSUSE 12.1openSUSE 12.1 Update
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.
CVE-2013-0773openSUSE 12.1openSUSE 12.1 Update
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
CVE-2013-0774openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.
CVE-2013-0775openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script.
CVE-2013-0776openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.
CVE-2013-0777openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2013-0778openSUSE 12.1openSUSE 12.1 Update
The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2013-0779openSUSE 12.1openSUSE 12.1 Update
The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2013-0780openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
CVE-2013-0781openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2013-0782openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-0783openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-0787openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.
CVE-2013-0788openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-0789openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors.
CVE-2013-0791openSUSE 12.1openSUSE 12.1 Update
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
CVE-2013-0792openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image.
CVE-2013-0793openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing.
CVE-2013-0794openSUSE 12.1openSUSE 12.1 Update
Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site.
CVE-2013-0795openSUSE 12.1openSUSE 12.1 Update
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
CVE-2013-0796openSUSE 12.1openSUSE 12.1 Update
The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.
CVE-2013-0800openSUSE 12.1openSUSE 12.1 Update
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
CVE-2013-0809openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
CVE-2013-0830openSUSE 12.1openSUSE 12.1 Update
The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.
CVE-2013-0831openSUSE 12.1openSUSE 12.1 Update
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.
CVE-2013-0832openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
CVE-2013-0833openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.
CVE-2013-0834openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.
CVE-2013-0835openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
CVE-2013-0836openSUSE 12.1openSUSE 12.1 Update
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code.
CVE-2013-0837openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
CVE-2013-0838openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors.
CVE-2013-0871openSUSE 12.1openSUSE 12.1 Update
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.
CVE-2013-0879openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2013-0880openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases.
CVE-2013-0881openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format.
CVE-2013-0882openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters.
CVE-2013-0883openSUSE 12.1openSUSE 12.1 Update
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
CVE-2013-0884openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors.
CVE-2013-0885openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
CVE-2013-0886openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors.
CVE-2013-0887openSUSE 12.1openSUSE 12.1 Update
The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors.
CVE-2013-0888openSUSE 12.1openSUSE 12.1 Update
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."
CVE-2013-0889openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file.
CVE-2013-0890openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.
CVE-2013-0891openSUSE 12.1openSUSE 12.1 Update
Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob.
CVE-2013-0892openSUSE 12.1openSUSE 12.1 Update
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2013-0893openSUSE 12.1openSUSE 12.1 Update
Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.
CVE-2013-0894openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.
CVE-2013-0895openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors.
CVE-2013-0896openSUSE 12.1openSUSE 12.1 Update
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2013-0897openSUSE 12.1openSUSE 12.1 Update
Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document.
CVE-2013-0898openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL.
CVE-2013-0899openSUSE 12.1openSUSE 12.1 Update
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.
CVE-2013-0900openSUSE 12.1openSUSE 12.1 Update
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2013-0913openSUSE 12.1openSUSE 12.1 Update
Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.
CVE-2013-1362openSUSE 12.1openSUSE 12.1 Update
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
CVE-2013-1365openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
CVE-2013-1366openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
CVE-2013-1367openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
CVE-2013-1368openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
CVE-2013-1369openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
CVE-2013-1370openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1372, and CVE-2013-1373.
CVE-2013-1371openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2013-1372openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1373.
CVE-2013-1373openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372.
CVE-2013-1374openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-0649.
CVE-2013-1375openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2013-1378openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1380.
CVE-2013-1379openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2013-1380openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1378.
CVE-2013-1415openSUSE 12.1openSUSE 12.1 Update
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
CVE-2013-1416openSUSE 12.1openSUSE 12.1 Update
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
CVE-2013-1475openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
CVE-2013-1476openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
CVE-2013-1486openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2013-1488openSUSE 12.1openSUSE 12.1 Update
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
CVE-2013-1493openSUSE 12.1openSUSE 12.1 Update
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
CVE-2013-1518openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions."
CVE-2013-1537openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code.
CVE-2013-1557openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method.
CVE-2013-1569openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
CVE-2013-1572openSUSE 12.1openSUSE 12.1 Update
The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2013-1573openSUSE 12.1openSUSE 12.1 Update
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2013-1574openSUSE 12.1openSUSE 12.1 Update
The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2013-1575openSUSE 12.1openSUSE 12.1 Update
The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2013-1576openSUSE 12.1openSUSE 12.1 Update
The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2013-1577openSUSE 12.1openSUSE 12.1 Update
The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2013-1578openSUSE 12.1openSUSE 12.1 Update
The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet.
CVE-2013-1579openSUSE 12.1openSUSE 12.1 Update
The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2013-1580openSUSE 12.1openSUSE 12.1 Update
The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2013-1581openSUSE 12.1openSUSE 12.1 Update
The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet.
CVE-2013-1582openSUSE 12.1openSUSE 12.1 Update
The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet.
CVE-2013-1583openSUSE 12.1openSUSE 12.1 Update
The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-1584openSUSE 12.1openSUSE 12.1 Update
The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-1585openSUSE 12.1openSUSE 12.1 Update
epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-1586openSUSE 12.1openSUSE 12.1 Update
The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-1587openSUSE 12.1openSUSE 12.1 Update
The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-1588openSUSE 12.1openSUSE 12.1 Update
Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-1589openSUSE 12.1openSUSE 12.1 Update
Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-1590openSUSE 12.1openSUSE 12.1 Update
Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-1618openSUSE 12.1openSUSE 12.1 Update
The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CVE-2013-1619openSUSE 12.1openSUSE 12.1 Update
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CVE-2013-1620openSUSE 12.1openSUSE 12.1 Update
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CVE-2013-1640openSUSE 12.1openSUSE 12.1 Update
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.
CVE-2013-1652openSUSE 12.1openSUSE 12.1 Update
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.
CVE-2013-1653openSUSE 12.1openSUSE 12.1 Update
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.
CVE-2013-1654openSUSE 12.1openSUSE 12.1 Update
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.
CVE-2013-1655openSUSE 12.1openSUSE 12.1 Update
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
CVE-2013-1667openSUSE 12.1openSUSE 12.1 Update
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
CVE-2013-1767openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.
CVE-2013-1769openSUSE 12.1openSUSE 12.1 Update
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2013-1774openSUSE 12.1openSUSE 12.1 Update
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.
CVE-2013-1775openSUSE 12.1openSUSE 12.1 Update
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
CVE-2013-1776openSUSE 12.1openSUSE 12.1 Update
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to a standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
CVE-2013-1796openSUSE 12.1openSUSE 12.1 Update
The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.
CVE-2013-1797openSUSE 12.1openSUSE 12.1 Update
Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.
CVE-2013-1798openSUSE 12.1openSUSE 12.1 Update
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
CVE-2013-1821openSUSE 12.1openSUSE 12.1 Update
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
CVE-2013-1845openSUSE 12.1openSUSE 12.1 Update
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
CVE-2013-1846openSUSE 12.1openSUSE 12.1 Update
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
CVE-2013-1847openSUSE 12.1openSUSE 12.1 Update
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
CVE-2013-1849openSUSE 12.1openSUSE 12.1 Update
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
CVE-2013-1854openSUSE 12.1openSUSE 12.1 Update
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
CVE-2013-1855openSUSE 12.1openSUSE 12.1 Update
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
CVE-2013-1857openSUSE 12.1openSUSE 12.1 Update
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.
CVE-2013-1884openSUSE 12.1openSUSE 12.1 Update
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
CVE-2013-1899openSUSE 12.1openSUSE 12.1 Update
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
CVE-2013-1900openSUSE 12.1openSUSE 12.1 Update
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."
CVE-2013-1901openSUSE 12.1openSUSE 12.1 Update
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
CVE-2013-1926openSUSE 12.1openSUSE 12.1 Update
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
CVE-2013-1927openSUSE 12.1openSUSE 12.1 Update
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
CVE-2013-1940openSUSE 12.1openSUSE 12.1 Update
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.
CVE-2013-1944openSUSE 12.1openSUSE 12.1 Update
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
CVE-2013-1960openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the tp_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
CVE-2013-1961openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.
CVE-2013-1969openSUSE 12.1openSUSE 12.1 Update
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
CVE-2013-2020openSUSE 12.1openSUSE 12.1 Update
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.
CVE-2013-2021openSUSE 12.1openSUSE 12.1 Update
pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.
CVE-2013-2094openSUSE 12.1openSUSE 12.1 Update
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
CVE-2013-2266openSUSE 12.1openSUSE 12.1 Update
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
CVE-2013-2274openSUSE 12.1openSUSE 12.1 Update
Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
CVE-2013-2275openSUSE 12.1openSUSE 12.1 Update
The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.
CVE-2013-2383openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
CVE-2013-2384openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2.
CVE-2013-2415openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.
CVE-2013-2417openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue.
CVE-2013-2419openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
CVE-2013-2420openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets.
CVE-2013-2421openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect MethodHandle lookups, which allows remote attackers to bypass Java sandbox restrictions.
CVE-2013-2422openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox.
CVE-2013-2424openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator.
CVE-2013-2426openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect invocation of the defaultReadObject method in the ConcurrentHashMap class, which allows remote attackers to bypass the Java sandbox.
CVE-2013-2429openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption.
CVE-2013-2430openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code.
CVE-2013-2431openSUSE 12.1openSUSE 12.1 Update
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."
CVE-2013-2475openSUSE 12.1openSUSE 12.1 Update
The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-2476openSUSE 12.1openSUSE 12.1 Update
The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short.
CVE-2013-2477openSUSE 12.1openSUSE 12.1 Update
The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-2478openSUSE 12.1openSUSE 12.1 Update
The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string.
CVE-2013-2479openSUSE 12.1openSUSE 12.1 Update
The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data.
CVE-2013-2480openSUSE 12.1openSUSE 12.1 Update
The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-2481openSUSE 12.1openSUSE 12.1 Update
Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value.
CVE-2013-2482openSUSE 12.1openSUSE 12.1 Update
The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2013-2483openSUSE 12.1openSUSE 12.1 Update
The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data.
CVE-2013-2484openSUSE 12.1openSUSE 12.1 Update
The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-2485openSUSE 12.1openSUSE 12.1 Update
The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2013-2486openSUSE 12.1openSUSE 12.1 Update
The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet.
CVE-2013-2487openSUSE 12.1openSUSE 12.1 Update
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486.
CVE-2013-2488openSUSE 12.1openSUSE 12.1 Update
The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.
CVE-2013-2492openSUSE 12.1openSUSE 12.1 Update
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
CVE-2013-2503openSUSE 12.1openSUSE 12.1 Update
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
CVE-2013-2555openSUSE 12.1openSUSE 12.1 Update
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
CVE-2013-2728openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
CVE-2013-2850openSUSE 12.1openSUSE 12.1 Update
Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.
CVE-2013-2944openSUSE 12.1openSUSE 12.1 Update
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.
CVE-2013-3324openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
CVE-2013-3325openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
CVE-2013-3326openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
CVE-2013-3327openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
CVE-2013-3328openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
CVE-2013-3329openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
CVE-2013-3330openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
CVE-2013-3331openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
CVE-2013-3332openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
CVE-2013-3333openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3334, and CVE-2013-3335.
CVE-2013-3334openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335.
CVE-2013-3335openSUSE 12.1openSUSE 12.1 Update
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334.
dbus-1-x11dbus-1-x11-debuginfodbus-1-x11-debugsourcedbus-1dbus-1-32bitdbus-1-debuginfodbus-1-debuginfo-32bitdbus-1-debuginfo-x86dbus-1-debugsourcedbus-1-develdbus-1-devel-32bitdbus-1-devel-docdbus-1-x86claws-mailclaws-mail-debuginfoclaws-mail-debugsourceclaws-mail-develclaws-mail-langjava-1_6_0-openjdkjava-1_6_0-openjdk-debuginfojava-1_6_0-openjdk-debugsourcejava-1_6_0-openjdk-demojava-1_6_0-openjdk-demo-debuginfojava-1_6_0-openjdk-develjava-1_6_0-openjdk-devel-debuginfojava-1_6_0-openjdk-javadocjava-1_6_0-openjdk-srceximexim-debuginfoexim-debugsourceeximoneximon-debuginfoeximstats-htmlcolordcolord-debuginfocolord-debugsourcecolord-langlibcolord-devellibcolord1libcolord1-32bitlibcolord1-debuginfolibcolord1-debuginfo-32bitcgitcgit-debuginfocgit-debugsourceMozillaFirefoxMozillaFirefox-branding-upstreamMozillaFirefox-buildsymbolsMozillaFirefox-debuginfoMozillaFirefox-debugsourceMozillaFirefox-develMozillaFirefox-translations-commonMozillaFirefox-translations-otherMozillaThunderbirdMozillaThunderbird-buildsymbolsMozillaThunderbird-debuginfoMozillaThunderbird-debugsourceMozillaThunderbird-develMozillaThunderbird-devel-debuginfoMozillaThunderbird-translations-commonMozillaThunderbird-translations-otherenigmailenigmail-debuginfoseamonkeyseamonkey-debuginfoseamonkey-debugsourceseamonkey-dom-inspectorseamonkey-ircseamonkey-translations-commonseamonkey-translations-otherseamonkey-venkmanmozilla-jsmozilla-js-32bitmozilla-js-debuginfomozilla-js-debuginfo-32bitmozilla-js-debuginfo-x86mozilla-js-x86xulrunnerxulrunner-32bitxulrunner-buildsymbolsxulrunner-debuginfoxulrunner-debuginfo-32bitxulrunner-debuginfo-x86xulrunner-debugsourcexulrunner-develxulrunner-devel-debuginfoxulrunner-x86namazunamazu-cginamazu-cgi-debuginfonamazu-debuginfonamazu-debugsourcenamazu-develrubyruby-debuginforuby-debugsourceruby-develruby-doc-htmlruby-doc-riruby-examplesruby-test-suiteruby-tkruby-tk-debuginfomcryptmcrypt-debuginfomcrypt-debugsourcekrb5-dockrb5-minikrb5-mini-debugsourcekrb5-mini-debuginfokrb5-mini-develkrb5-debuginfo-32bitkrb5-plugin-kdb-ldap-debuginfokrb5-plugin-preauth-pkinitkrb5-debugsourcekrb5-client-debuginfokrb5-32bitkrb5krb5-develkrb5-server-debuginfokrb5-clientkrb5-serverkrb5-plugin-preauth-pkinit-debuginfokrb5-debuginfokrb5-devel-32bitkrb5-plugin-kdb-ldapplibplib-debuginfoplib-debugsourceplib-develphpMyAdminoperaopera-gtkopera-kde4libreoffice-branding-upstreamlibreoffice-help-en-USlibreoffice-help-cslibreoffice-help-dalibreoffice-help-delibreoffice-help-en-GBlibreoffice-help-group1libreoffice-help-en-ZAlibreoffice-help-eslibreoffice-help-etlibreoffice-help-frlibreoffice-help-gllibreoffice-help-group2libreoffice-help-group3libreoffice-help-gu-INlibreoffice-help-hi-INlibreoffice-help-hulibreoffice-help-itlibreoffice-help-jalibreoffice-help-kmlibreoffice-help-group4libreoffice-help-kolibreoffice-help-nllibreoffice-help-pllibreoffice-help-ptlibreoffice-help-group5libreoffice-help-pt-BRlibreoffice-help-rulibreoffice-help-sllibreoffice-help-svlibreoffice-help-zh-CNlibreoffice-help-zh-TWlibreoffice-icon-theme-crystallibreoffice-icon-theme-galaxylibreoffice-icon-theme-hicontrastlibreoffice-icon-theme-oxygenlibreoffice-icon-theme-tangolibreoffice-icon-themeslibreoffice-l10nlibreoffice-l10n-aflibreoffice-l10n-arlibreoffice-l10n-be-BYlibreoffice-l10n-bglibreoffice-l10n-brlibreoffice-l10n-calibreoffice-l10n-cslibreoffice-l10n-cylibreoffice-l10n-dalibreoffice-l10n-delibreoffice-l10n-ellibreoffice-l10n-en-GBlibreoffice-l10n-en-ZAlibreoffice-l10n-eslibreoffice-l10n-etlibreoffice-l10n-filibreoffice-l10n-frlibreoffice-l10n-galibreoffice-l10n-gllibreoffice-l10n-gu-INlibreoffice-l10n-helibreoffice-l10n-hi-INlibreoffice-l10n-hrlibreoffice-l10n-hulibreoffice-l10n-itlibreoffice-l10n-jalibreoffice-l10n-kalibreoffice-l10n-kmlibreoffice-l10n-kolibreoffice-l10n-ltlibreoffice-l10n-mklibreoffice-l10n-nblibreoffice-l10n-nllibreoffice-l10n-nnlibreoffice-l10n-nrlibreoffice-l10n-pa-INlibreoffice-l10n-pllibreoffice-l10n-ptlibreoffice-l10n-pt-BRlibreoffice-l10n-rulibreoffice-l10n-rwlibreoffice-l10n-shlibreoffice-l10n-sklibreoffice-l10n-sllibreoffice-l10n-srlibreoffice-l10n-sslibreoffice-l10n-stlibreoffice-l10n-svlibreoffice-l10n-tglibreoffice-l10n-thlibreoffice-l10n-trlibreoffice-l10n-tslibreoffice-l10n-uklibreoffice-l10n-velibreoffice-l10n-vilibreoffice-l10n-xhlibreoffice-l10n-zh-CNlibreoffice-l10n-zh-TWlibreoffice-l10n-zulibreofficelibreoffice-baselibreoffice-base-debuginfolibreoffice-base-drivers-mysqllibreoffice-base-drivers-mysql-debuginfolibreoffice-base-drivers-postgresqllibreoffice-base-drivers-postgresql-debuginfolibreoffice-base-extensionslibreoffice-calclibreoffice-calc-debuginfolibreoffice-calc-extensionslibreoffice-debuginfolibreoffice-debugsourcelibreoffice-drawlibreoffice-draw-extensionslibreoffice-draw-extensions-debuginfolibreoffice-filters-optionallibreoffice-filters-optional-debuginfolibreoffice-gnomelibreoffice-gnome-debuginfolibreoffice-icon-themes-prebuiltlibreoffice-impresslibreoffice-impress-debuginfolibreoffice-impress-extensionslibreoffice-impress-extensions-debuginfolibreoffice-kdelibreoffice-kde-debuginfolibreoffice-kde4libreoffice-kde4-debuginfolibreoffice-l10n-prebuiltlibreoffice-mailmergelibreoffice-mathlibreoffice-math-debuginfolibreoffice-officebeanlibreoffice-officebean-debuginfolibreoffice-pyunolibreoffice-pyuno-debuginfolibreoffice-sdklibreoffice-sdk-debuginfolibreoffice-sdk-doclibreoffice-writerlibreoffice-writer-debuginfolibreoffice-writer-extensionsflash-playerflash-player-gnomeflash-player-kde4libotrlibotr-debugsourcelibotr-devellibotr-toolslibotr-tools-debuginfolibotr2libotr2-debuginfohyper-vhyper-v-debuginfohyper-v-debugsourcewiresharkwireshark-debuginfowireshark-debugsourcewireshark-develxenxen-debugsourcexen-develxen-kmp-defaultxen-kmp-default-debuginfoxen-kmp-desktopxen-kmp-desktop-debuginfoxen-kmp-paexen-kmp-pae-debuginfoxen-libs-32bitxen-libsxen-libs-debuginfo-32bitxen-libs-debuginfoxen-libs-debuginfo-x86xen-libs-x86xen-tools-domUxen-tools-domU-debuginfoxen-doc-htmlxen-doc-pdfxen-toolsxen-tools-debuginfoicedtea-webicedtea-web-debuginfoicedtea-web-debugsourceicedtea-web-javadocpython-cupshelperssystem-config-printersystem-config-printer-appletsystem-config-printer-commonsystem-config-printer-common-langsystem-config-printer-dbus-servicesystem-config-printer-debugsourceudev-configure-printerudev-configure-printer-debuginfokdelibs4-apidocskdelibs4kdelibs4-branding-upstreamkdelibs4-corekdelibs4-core-debuginfokdelibs4-debuginfokdelibs4-debugsourcekdelibs4-dockdelibs4-doc-debuginfolibkde4-32bitlibkde4libkde4-debuginfo-32bitlibkde4-debuginfolibkde4-debuginfo-x86libkde4-devellibkde4-x86libkdecore4-32bitlibkdecore4libkdecore4-debuginfo-32bitlibkdecore4-debuginfolibkdecore4-debuginfo-x86libkdecore4-devellibkdecore4-devel-debuginfolibkdecore4-x86libksuseinstall-devellibksuseinstall1-32bitlibksuseinstall1libksuseinstall1-debuginfo-32bitlibksuseinstall1-debuginfolibksuseinstall1-debuginfo-x86libksuseinstall1-x86weechatweechat-aspellweechat-aspell-debuginfoweechat-debuginfoweechat-debugsourceweechat-develweechat-langweechat-luaweechat-lua-debuginfoweechat-perlweechat-perl-debuginfoweechat-pythonweechat-python-debuginfoweechat-rubyweechat-ruby-debuginfoweechat-tclweechat-tcl-debuginfolibsshlibssh-debugsourcelibssh-devellibssh-devel-doclibssh4libssh4-debuginfosblim-cim-client2sblim-cim-client2-javadocsblim-cim-client2-manualhorde4-impgeglgegl-0_1gegl-0_1-debuginfogegl-debuginfogegl-debugsourcegegl-develgegl-doclibgegl-0_1-0libgegl-0_1-0-debuginfohorde4-kronolithgimpgimp-branding-upstreamgimp-debuginfogimp-debugsourcegimp-develgimp-devel-debuginfogimp-help-browsergimp-help-browser-debuginfogimp-langgimp-plugins-pythongimp-plugins-python-debuginfolibgimp-2_0-0libgimp-2_0-0-32bitlibgimp-2_0-0-debuginfolibgimp-2_0-0-debuginfo-32bitlibgimp-2_0-0-debuginfo-x86libgimp-2_0-0-x86libgimpui-2_0-0libgimpui-2_0-0-32bitlibgimpui-2_0-0-debuginfolibgimpui-2_0-0-debuginfo-32bitlibgimpui-2_0-0-debuginfo-x86libgimpui-2_0-0-x86chromedriverchromedriver-debuginfochromiumchromium-debuginfochromium-debugsourcechromium-desktop-gnomechromium-desktop-kdechromium-ffmpegsumochromium-ffmpegsumo-debuginfochromium-suid-helperchromium-suid-helper-debuginfobogofilterbogofilter-debuginfobogofilter-debugsourcelibxml2libxml2-32bitlibxml2-debuginfolibxml2-debuginfo-32bitlibxml2-debuginfo-x86libxml2-debugsourcelibxml2-devellibxml2-devel-32bitlibxml2-doclibxml2-x86bindbind-chrootenvbind-debuginfobind-debugsourcebind-develbind-docbind-libs-32bitbind-libsbind-libs-debuginfo-32bitbind-libs-debuginfobind-libs-debuginfo-x86bind-libs-x86bind-lwresdbind-lwresd-debuginfobind-utilsbind-utils-debuginfodhcpdhcp-clientdhcp-client-debuginfodhcp-debuginfodhcp-debugsourcedhcp-develdhcp-docdhcp-relaydhcp-relay-debuginfodhcp-serverdhcp-server-debuginfolibtcnative-1-0libtcnative-1-0-debuginfolibtcnative-1-0-debugsourcelibtcnative-1-0-develtomcat6tomcat6-admin-webappstomcat6-docs-webapptomcat6-el-1_0-apitomcat6-javadoctomcat6-jsp-2_1-apitomcat6-libtomcat6-servlet-2_5-apitomcat6-webappslibmariadbclient16libmariadbclient16-debuginfolibmariadbclient_r16libmariadbclient_r16-debuginfomariadbmariadb-benchmariadb-bench-debuginfomariadb-clientmariadb-client-debuginfomariadb-debugmariadb-debug-debuginfomariadb-debuginfomariadb-debugsourcemariadb-testmariadb-test-debuginfomariadb-toolsmariadb-tools-debuginfolibmysqlclient-devel-32bitlibmysqlclient-devellibmysqlclient18-32bitlibmysqlclient18libmysqlclient18-debuginfo-32bitlibmysqlclient18-debuginfolibmysqlclient18-debuginfo-x86libmysqlclient18-x86libmysqlclient_r18-32bitlibmysqlclient_r18libmysqlclient_r18-x86libmysqld-devellibmysqld18libmysqld18-debuginfomysql-community-servermysql-community-server-benchmysql-community-server-bench-debuginfomysql-community-server-clientmysql-community-server-client-debuginfomysql-community-server-debugmysql-community-server-debug-debuginfomysql-community-server-debuginfomysql-community-server-debugsourcemysql-community-server-errormessagesmysql-community-server-testmysql-community-server-test-debuginfomysql-community-server-toolsmysql-community-server-tools-debuginfolibqt4-32bitlibqt4libqt4-debuginfo-32bitlibqt4-debuginfolibqt4-debuginfo-x86libqt4-debugsourcelibqt4-devellibqt4-devel-debuginfolibqt4-private-headers-devellibqt4-qt3support-32bitlibqt4-qt3supportlibqt4-qt3support-debuginfo-32bitlibqt4-qt3support-debuginfolibqt4-qt3support-debuginfo-x86libqt4-qt3support-x86libqt4-sql-32bitlibqt4-sqllibqt4-sql-debuginfo-32bitlibqt4-sql-debuginfolibqt4-sql-debuginfo-x86libqt4-sql-sqlite-32bitlibqt4-sql-sqlitelibqt4-sql-sqlite-debuginfo-32bitlibqt4-sql-sqlite-debuginfolibqt4-sql-sqlite-debuginfo-x86libqt4-sql-sqlite-x86libqt4-sql-x86libqt4-x11-32bitlibqt4-x11libqt4-x11-debuginfo-32bitlibqt4-x11-debuginfolibqt4-x11-debuginfo-x86libqt4-x11-x86libqt4-x86net6net6-develnet6-debuginfonet6-langnet6-debugsourcemozilla-nspr-32bitmozilla-nsprmozilla-nspr-debuginfo-32bitmozilla-nspr-debuginfomozilla-nspr-debuginfo-x86mozilla-nspr-debugsourcemozilla-nspr-develmozilla-nspr-x86libfreebl3libfreebl3-32bitlibfreebl3-debuginfolibfreebl3-debuginfo-32bitlibfreebl3-debuginfo-x86libfreebl3-x86libsoftokn3libsoftokn3-32bitlibsoftokn3-debuginfolibsoftokn3-debuginfo-32bitlibsoftokn3-debuginfo-x86libsoftokn3-x86mozilla-nssmozilla-nss-32bitmozilla-nss-certsmozilla-nss-certs-32bitmozilla-nss-certs-debuginfomozilla-nss-certs-debuginfo-32bitmozilla-nss-certs-debuginfo-x86mozilla-nss-certs-x86mozilla-nss-debuginfomozilla-nss-debuginfo-32bitmozilla-nss-debuginfo-x86mozilla-nss-debugsourcemozilla-nss-develmozilla-nss-sysinitmozilla-nss-sysinit-32bitmozilla-nss-sysinit-debuginfomozilla-nss-sysinit-debuginfo-32bitmozilla-nss-sysinit-debuginfo-x86mozilla-nss-sysinit-x86mozilla-nss-toolsmozilla-nss-tools-debuginfomozilla-nss-x86freeradius-serverfreeradius-server-debuginfofreeradius-server-debugsourcefreeradius-server-develfreeradius-server-dialupadminfreeradius-server-docfreeradius-server-libsfreeradius-server-libs-debuginfofreeradius-server-utilsfreeradius-server-utils-debuginfoacroread-cmapsacroread-fonts-jaacroread-fonts-koacroread-fonts-zh_CNacroread-fonts-zh_TWacroreadacroread-browser-pluginfreetype2freetype2-debugsourcefreetype2-develfreetype2-devel-32bitlibfreetype6libfreetype6-32bitlibfreetype6-debuginfolibfreetype6-debuginfo-32bitlibfreetype6-debuginfo-x86libfreetype6-x86nagiosnagios-debuginfonagios-debugsourcenagios-develnagios-wwwnagios-www-debuginfosquid3squid3-debuginfosquid3-debugsourceicingaicinga-debuginfoicinga-debugsourceicinga-develicinga-docicinga-idoutilsicinga-idoutils-debuginfoicinga-idoutils-mysqlicinga-idoutils-oracleicinga-idoutils-pgsqlicinga-plugins-eventhandlersicinga-wwwicinga-www-debuginfopython-virtualboxpython-virtualbox-debuginfovirtualboxvirtualbox-debuginfovirtualbox-debugsourcevirtualbox-develvirtualbox-guest-kmp-defaultvirtualbox-guest-kmp-default-debuginfovirtualbox-guest-kmp-desktopvirtualbox-guest-kmp-desktop-debuginfovirtualbox-guest-kmp-paevirtualbox-guest-kmp-pae-debuginfovirtualbox-guest-toolsvirtualbox-guest-tools-debuginfovirtualbox-guest-x11virtualbox-guest-x11-debuginfovirtualbox-host-kmp-defaultvirtualbox-host-kmp-default-debuginfovirtualbox-host-kmp-desktopvirtualbox-host-kmp-desktop-debuginfovirtualbox-host-kmp-paevirtualbox-host-kmp-pae-debuginfovirtualbox-qtvirtualbox-qt-debuginfocoreutilscoreutils-debuginfocoreutils-debuginfo-x86coreutils-debugsourcecoreutils-langcoreutils-x86libv8-3libv8-3-debuginfov8v8-develv8-private-headers-develapache2apache2-debuginfoapache2-debugsourceapache2-develapache2-docapache2-eventapache2-event-debuginfoapache2-example-pagesapache2-itkapache2-itk-debuginfoapache2-preforkapache2-prefork-debuginfoapache2-utilsapache2-utils-debuginfoapache2-workerapache2-worker-debuginfolibupnp-devellibupnp6libupnp6-32bitlibupnp6-debuginfolibupnp6-debuginfo-32bitlibupnp6-debuginfo-x86libupnp6-debugsourcelibupnp6-x86rubygem-actionmailer-2_3rubygem-actionmailer-2_3-docrubygem-actionmailer-2_3-testsuiterubygem-actionmailerrubygem-actionpack-2_3rubygem-actionpack-2_3-docrubygem-actionpack-2_3-testsuiterubygem-actionpackrubygem-activerecord-2_3rubygem-activerecord-2_3-docrubygem-activerecord-2_3-testsuiterubygem-activerecordrubygem-activeresource-2_3rubygem-activeresource-2_3-docrubygem-activeresource-2_3-testsuiterubygem-activeresourcerubygem-activesupport-2_3rubygem-activesupport-2_3-docrubygem-activesupportrubygem-rack-1_1rubygem-rack-1_1-docrubygem-rack-1_1-testsuiterubygem-rails-2_3rubygem-rails-2_3-docrubygem-railssamba-docldapsmblibldb-devellibldb1libldb1-32bitlibldb1-debuginfolibldb1-debuginfo-32bitlibldb1-debuginfo-x86libldb1-x86libnetapi-devellibnetapi0libnetapi0-debuginfolibsmbclient-devellibsmbclient0libsmbclient0-32bitlibsmbclient0-debuginfolibsmbclient0-debuginfo-32bitlibsmbclient0-debuginfo-x86libsmbclient0-x86libsmbsharemodes-devellibsmbsharemodes0libsmbsharemodes0-debuginfolibtalloc-devellibtalloc2libtalloc2-32bitlibtalloc2-debuginfolibtalloc2-debuginfo-32bitlibtalloc2-debuginfo-x86libtalloc2-x86libtdb-devellibtdb1libtdb1-32bitlibtdb1-debuginfolibtdb1-debuginfo-32bitlibtdb1-debuginfo-x86libtdb1-x86libtevent-devellibtevent0libtevent0-32bitlibtevent0-debuginfolibtevent0-debuginfo-32bitlibtevent0-debuginfo-x86libtevent0-x86libwbclient-devellibwbclient0libwbclient0-32bitlibwbclient0-debuginfolibwbclient0-debuginfo-32bitlibwbclient0-debuginfo-x86libwbclient0-x86sambasamba-32bitsamba-clientsamba-client-32bitsamba-client-debuginfosamba-client-debuginfo-32bitsamba-client-debuginfo-x86samba-client-x86samba-debuginfosamba-debuginfo-32bitsamba-debuginfo-x86samba-debugsourcesamba-develsamba-krb-printingsamba-krb-printing-debuginfosamba-winbindsamba-winbind-32bitsamba-winbind-debuginfosamba-winbind-debuginfo-32bitsamba-winbind-debuginfo-x86samba-winbind-x86samba-x86libvirtlibvirt-clientlibvirt-client-32bitlibvirt-client-debuginfolibvirt-client-debuginfo-32bitlibvirt-client-debuginfo-x86libvirt-client-x86libvirt-debuginfolibvirt-debugsourcelibvirt-devellibvirt-devel-32bitlibvirt-doclibvirt-pythonlibvirt-python-debuginfognutlsgnutls-debuginfognutls-debugsourcelibgnutls-devellibgnutls-devel-32bitlibgnutls-extra-devellibgnutls-extra28libgnutls-extra28-debuginfolibgnutls-openssl-devellibgnutls-openssl27libgnutls-openssl27-debuginfolibgnutls28libgnutls28-32bitlibgnutls28-debuginfolibgnutls28-debuginfo-32bitlibgnutls28-debuginfo-x86libgnutls28-x86libgnutlsxx-devellibgnutlsxx28libgnutlsxx28-debuginfoinkscapeinkscape-debuginfoinkscape-debugsourceinkscape-extensions-diainkscape-extensions-extrainkscape-extensions-figinkscape-extensions-gimpinkscape-extensions-skencilinkscape-langgnome-online-accountsgnome-online-accounts-debuginfognome-online-accounts-debugsourcegnome-online-accounts-develgnome-online-accounts-langlibgoa-1_0-0libgoa-1_0-0-debuginfolibgoa-backend-1_0-0libgoa-backend-1_0-0-debuginfolibecpg6-32bitlibecpg6libecpg6-debuginfo-32bitlibecpg6-debuginfolibecpg6-debuginfo-x86libecpg6-x86libpq5-32bitlibpq5libpq5-debuginfo-32bitlibpq5-debuginfolibpq5-debuginfo-x86libpq5-x86postgresql91-devel-32bitpostgresql91-develpostgresql91-devel-debuginfo-32bitpostgresql91-devel-debuginfopostgresql91-devel-debuginfo-x86postgresql91-libspostgresql91-libs-debugsourcepostgresql91postgresql91-contribpostgresql91-contrib-debuginfopostgresql91-debuginfopostgresql91-debugsourcepostgresql91-docspostgresql91-plperlpostgresql91-plperl-debuginfopostgresql91-plpythonpostgresql91-plpython-debuginfopostgresql91-pltclpostgresql91-pltcl-debuginfopostgresql91-serverpostgresql91-server-debuginfojakarta-commons-httpclient3jakarta-commons-httpclient3-demojakarta-commons-httpclient3-javadocjakarta-commons-httpclient3-manualrubygem-rdoclibopenssl-devellibopenssl-devel-32bitlibopenssl1_0_0libopenssl1_0_0-32bitlibopenssl1_0_0-debuginfolibopenssl1_0_0-debuginfo-32bitlibopenssl1_0_0-debuginfo-x86libopenssl1_0_0-x86opensslopenssl-debuginfoopenssl-debugsourceopenssl-docchmseechmsee-debuginfochmsee-debugsourcegitgit-archgit-coregit-core-debuginfogit-cvsgit-daemongit-daemon-debuginfogit-debugsourcegit-emailgit-guigit-remote-helpersgit-svngit-webgitkfinchfinch-debuginfofinch-devellibpurplelibpurple-branding-upstreamlibpurple-debuginfolibpurple-devellibpurple-langlibpurple-meanwhilelibpurple-meanwhile-debuginfolibpurple-tcllibpurple-tcl-debuginfopidginpidgin-debuginfopidgin-debugsourcepidgin-develpidgin-evolutionpidgin-evolution-debuginfokernel-debugkernel-debug-basekernel-debug-base-debuginfokernel-debug-debuginfokernel-debug-debugsourcekernel-debug-develkernel-debug-devel-debuginfokernel-defaultkernel-default-basekernel-default-base-debuginfokernel-default-debuginfokernel-default-debugsourcekernel-default-develkernel-default-devel-debuginfokernel-desktopkernel-desktop-basekernel-desktop-base-debuginfokernel-desktop-debuginfokernel-desktop-debugsourcekernel-desktop-develkernel-desktop-devel-debuginfokernel-docskernel-ec2kernel-ec2-basekernel-ec2-base-debuginfokernel-ec2-debuginfokernel-ec2-debugsourcekernel-ec2-develkernel-ec2-devel-debuginfokernel-ec2-extrakernel-ec2-extra-debuginfokernel-paekernel-pae-basekernel-pae-base-debuginfokernel-pae-debuginfokernel-pae-debugsourcekernel-pae-develkernel-pae-devel-debuginfokernel-develkernel-sourcekernel-source-vanillakernel-symskernel-tracekernel-trace-basekernel-trace-base-debuginfokernel-trace-debuginfokernel-trace-debugsourcekernel-trace-develkernel-trace-devel-debuginfokernel-vanillakernel-vanilla-basekernel-vanilla-base-debuginfokernel-vanilla-debuginfokernel-vanilla-debugsourcekernel-vanilla-develkernel-vanilla-devel-debuginfokernel-xenkernel-xen-basekernel-xen-base-debuginfokernel-xen-debuginfokernel-xen-debugsourcekernel-xen-develkernel-xen-devel-debuginfosudosudo-debuginfosudo-debugsourcesudo-develjasperjasper-debuginfojasper-debugsourcelibjasper-devellibjasper1libjasper1-32bitlibjasper1-debuginfolibjasper1-debuginfo-32bitfirebirdfirebird-classicfirebird-classic-debuginfofirebird-debuginfofirebird-debugsourcefirebird-develfirebird-devel-debuginfofirebird-docfirebird-filesystemfirebird-superserverfirebird-superserver-debuginfolibfbclient2libfbclient2-32bitlibfbclient2-debuginfolibfbclient2-debuginfo-32bitlibfbclient2-debuginfo-x86libfbclient2-x86libfbembed2libfbembed2-32bitlibfbembed2-debuginfolibfbembed2-debuginfo-32bitlibfbembed2-debuginfo-x86libfbembed2-x86krb5-debuginfo-x86krb5-x86nagios-nrpenagios-nrpe-debuginfonagios-nrpe-debugsourcenagios-nrpe-docnagios-plugins-nrpenagios-plugins-nrpe-debuginfoperl-32bitperlperl-base-32bitperl-baseperl-base-debuginfo-32bitperl-base-debuginfoperl-base-debuginfo-x86perl-base-x86perl-debuginfo-32bitperl-debuginfoperl-debuginfo-x86perl-debugsourceperl-docperl-x86transmissiontransmission-commontransmission-debuginfotransmission-debugsourcetransmission-gtktransmission-gtk-debuginfotransmission-gtk-langtransmission-qttransmission-qt-debuginfonss-pam-ldapdnss-pam-ldapd-32bitnss-pam-ldapd-debuginfonss-pam-ldapd-debuginfo-32bitnss-pam-ldapd-debuginfo-x86nss-pam-ldapd-debugsourcenss-pam-ldapd-x86telepathy-gabbletelepathy-gabble-debuginfotelepathy-gabble-debugsourcetelepathy-gabble-docprivoxyprivoxy-debuginfoprivoxy-debugsourceprivoxy-docImageMagickImageMagick-debuginfoImageMagick-debugsourceImageMagick-devel-32bitImageMagick-develImageMagick-docImageMagick-extraImageMagick-extra-debuginfolibMagick++-devellibMagick++5libMagick++5-debuginfolibMagickCore5-32bitlibMagickCore5libMagickCore5-debuginfo-32bitlibMagickCore5-debuginfolibMagickCore5-debuginfo-x86libMagickCore5-x86libMagickWand5-32bitlibMagickWand5libMagickWand5-debuginfo-32bitlibMagickWand5-debuginfolibMagickWand5-debuginfo-x86libMagickWand5-x86perl-PerlMagickperl-PerlMagick-debuginfoGraphicsMagickGraphicsMagick-debuginfoGraphicsMagick-debugsourceGraphicsMagick-devellibGraphicsMagick++-devellibGraphicsMagick++3libGraphicsMagick++3-debuginfolibGraphicsMagick3libGraphicsMagick3-debuginfolibGraphicsMagickWand2libGraphicsMagickWand2-debuginfoperl-GraphicsMagickperl-GraphicsMagick-debuginfopigzpigz-debuginfopigz-debugsourceclamavclamav-dbclamav-debuginfoclamav-debugsourcefail2banlibxslt-pythonlibxslt-python-debuginfolibxslt-python-debugsourcelibxsltlibxslt-debugsourcelibxslt-devellibxslt-devel-32bitlibxslt1libxslt1-32bitlibxslt1-debuginfolibxslt1-debuginfo-32bitlibxslt1-debuginfo-x86libxslt1-x86v8-debugsourcepuppetpuppet-serverft2demosft2demos-debuginfoft2demos-debugsourcekvmkvm-debuginfokvm-debugsourceglibcglibc-32bitglibc-debuginfoglibc-debuginfo-32bitglibc-debugsourceglibc-develglibc-devel-32bitglibc-devel-debuginfoglibc-devel-debuginfo-32bitglibc-devel-staticglibc-devel-static-32bitglibc-htmlglibc-i18ndataglibc-infoglibc-localeglibc-locale-32bitglibc-locale-debuginfoglibc-locale-debuginfo-32bitglibc-obsoleteglibc-obsolete-debuginfoglibc-profileglibc-profile-32bitglibc-utilsglibc-utils-32bitglibc-utils-debuginfoglibc-utils-debuginfo-32bitnscdnscd-debuginfolibsvn_auth_gnome_keyring-1-0libsvn_auth_gnome_keyring-1-0-debuginfolibsvn_auth_kwallet-1-0libsvn_auth_kwallet-1-0-debuginfosubversionsubversion-debuginfosubversion-debugsourcesubversion-develsubversion-perlsubversion-perl-debuginfosubversion-pythonsubversion-python-debuginfosubversion-rubysubversion-ruby-debuginfosubversion-serversubversion-server-debuginfosubversion-toolssubversion-tools-debuginfosysconfigsysconfig-debuginfosysconfig-debugsourcecurlcurl-debuginfolibcurl-devellibcurl4-32bitlibcurl4libcurl4-debuginfo-32bitlibcurl4-debuginfolibcurl4-debuginfo-x86libcurl4-x86mozilla-js192mozilla-js192-32bitmozilla-js192-debuginfomozilla-js192-debuginfo-32bitmozilla-xulrunner192mozilla-xulrunner192-32bitmozilla-xulrunner192-buildsymbolsmozilla-xulrunner192-debuginfomozilla-xulrunner192-debuginfo-32bitmozilla-xulrunner192-debugsourcemozilla-xulrunner192-develmozilla-xulrunner192-devel-debuginfomozilla-xulrunner192-gnomemozilla-xulrunner192-gnome-32bitmozilla-xulrunner192-gnome-debuginfomozilla-xulrunner192-gnome-debuginfo-32bitmozilla-xulrunner192-translations-commonmozilla-xulrunner192-translations-common-32bitmozilla-xulrunner192-translations-othermozilla-xulrunner192-translations-other-32bitxorg-x11-Xvncxorg-x11-Xvnc-debuginfoxorg-x11-serverxorg-x11-server-debuginfoxorg-x11-server-debugsourcexorg-x11-server-extraxorg-x11-server-extra-debuginfoxorg-x11-server-sdkstrongswanstrongswan-debugsourcestrongswan-docstrongswan-ikev1strongswan-ikev1-debuginfostrongswan-ikev2strongswan-ikev2-debuginfostrongswan-ipsecstrongswan-ipsec-debuginfostrongswan-libs0strongswan-libs0-debuginfostrongswan-mysqlstrongswan-mysql-debuginfostrongswan-nmstrongswan-nm-debuginfostrongswan-sqlitestrongswan-sqlite-debuginfopython-httplib2FastCGIFastCGI-debuginfoFastCGI-debugsourceFastCGI-develperl-FastCGIperl-FastCGI-debuginfolibtiff-devellibtiff-devel-32bitlibtiff3libtiff3-32bitlibtiff3-debuginfolibtiff3-debuginfo-32bitlibtiff3-debuginfo-x86libtiff3-x86tifftiff-debuginfotiff-debugsourcegpg2gpg2-debuginfogpg2-debugsourcegpg2-langkrb5-applkrb5-appl-clientskrb5-appl-clients-debuginfokrb5-appl-debugsourcekrb5-appl-serverskrb5-appl-servers-debuginfochasenchasen-debuginfochasen-debugsourcechasen-develperl-Text-ChaSenperl-Text-ChaSen-debuginfolibpurple-branding-openSUSEpidgin-branding-openSUSEapache2-mod_php5apache2-mod_php5-debuginfophp5php5-bcmathphp5-bcmath-debuginfophp5-bz2php5-bz2-debuginfophp5-calendarphp5-calendar-debuginfophp5-ctypephp5-ctype-debuginfophp5-curlphp5-curl-debuginfophp5-dbaphp5-dba-debuginfophp5-debuginfophp5-debugsourcephp5-develphp5-domphp5-dom-debuginfophp5-enchantphp5-enchant-debuginfophp5-exifphp5-exif-debuginfophp5-fastcgiphp5-fastcgi-debuginfophp5-fileinfophp5-fileinfo-debuginfophp5-fpmphp5-fpm-debuginfophp5-ftpphp5-ftp-debuginfophp5-gdphp5-gd-debuginfophp5-gettextphp5-gettext-debuginfophp5-gmpphp5-gmp-debuginfophp5-iconvphp5-iconv-debuginfophp5-imapphp5-imap-debuginfophp5-intlphp5-intl-debuginfophp5-jsonphp5-json-debuginfophp5-ldapphp5-ldap-debuginfophp5-mbstringphp5-mbstring-debuginfophp5-mcryptphp5-mcrypt-debuginfophp5-mssqlphp5-mssql-debuginfophp5-mysqlphp5-mysql-debuginfophp5-odbcphp5-odbc-debuginfophp5-opensslphp5-openssl-debuginfophp5-pcntlphp5-pcntl-debuginfophp5-pdophp5-pdo-debuginfophp5-pearphp5-pgsqlphp5-pgsql-debuginfophp5-pharphp5-phar-debuginfophp5-posixphp5-posix-debuginfophp5-pspellphp5-pspell-debuginfophp5-readlinephp5-readline-debuginfophp5-shmopphp5-shmop-debuginfophp5-snmpphp5-snmp-debuginfophp5-soapphp5-soap-debuginfophp5-socketsphp5-sockets-debuginfophp5-sqlitephp5-sqlite-debuginfophp5-suhosinphp5-suhosin-debuginfophp5-sysvmsgphp5-sysvmsg-debuginfophp5-sysvsemphp5-sysvsem-debuginfophp5-sysvshmphp5-sysvshm-debuginfophp5-tidyphp5-tidy-debuginfophp5-tokenizerphp5-tokenizer-debuginfophp5-wddxphp5-wddx-debuginfophp5-xmlreaderphp5-xmlreader-debuginfophp5-xmlrpcphp5-xmlrpc-debuginfophp5-xmlwriterphp5-xmlwriter-debuginfophp5-xslphp5-xsl-debuginfophp5-zipphp5-zip-debuginfophp5-zlibphp5-zlib-debuginfoacpidacpid-debuginfoacpid-debugsourceMozillaFirefox-branding-openSUSEicuicu-dataicu-debuginfoicu-debugsourcelibicu-32bitlibiculibicu-debuginfo-32bitlibicu-debuginfolibicu-devel-32bitlibicu-devellibicu-docNetworkManager-gnomeNetworkManager-gnome-debuginfoNetworkManager-gnome-debugsourceNetworkManager-gnome-langlibnm-gtk-devellibnm-gtk0libnm-gtk0-debuginfopostfixadminlightdm-branding-openSUSElightdm-gtk-greeter-branding-openSUSEliblightdm-qt-1-0-debuginfolightdm-langlightdm-gtk-greeterlightdm-qt-greeterlightdm-debugsourcelightdmliblightdm-gobject-1-0lightdm-gobject-devellightdm-gtk-greeter-debuginfoliblightdm-gobject-1-0-debuginfolightdm-gtk-greeter-branding-upstreamlightdm-qt-develliblightdm-qt-1-0lightdm-qt-greeter-debuginfolightdm-debuginfolighttpdlighttpd-debuginfolighttpd-debugsourcelighttpd-mod_cmllighttpd-mod_cml-debuginfolighttpd-mod_geoiplighttpd-mod_geoip-debuginfolighttpd-mod_magnetlighttpd-mod_magnet-debuginfolighttpd-mod_mysql_vhostlighttpd-mod_mysql_vhost-debuginfolighttpd-mod_rrdtoollighttpd-mod_rrdtool-debuginfolighttpd-mod_trigger_b4_dllighttpd-mod_trigger_b4_dl-debuginfolighttpd-mod_webdavlighttpd-mod_webdav-debuginfopdnspdns-backend-ldappdns-backend-ldap-debuginfopdns-backend-mysqlpdns-backend-mysql-debuginfopdns-backend-postgresqlpdns-backend-postgresql-debuginfopdns-backend-sqlite2pdns-backend-sqlite2-debuginfopdns-backend-sqlite3pdns-backend-sqlite3-debuginfopdns-debuginfopdns-debugsourcecvscvs-debuginfocvs-debugsourcecvs-dochorde3-dimphorde3-imphorde3jetty5jetty5-demojetty5-javadocjetty5-manualmumblemumble-32bitmumble-debuginfomumble-debuginfo-32bitmumble-debugsourcemumble-servermumble-server-debuginfolibpng12-0libpng12-0-32bitlibpng12-0-debuginfolibpng12-0-debuginfo-32bitlibpng12libpng12-compat-devellibpng12-compat-devel-32bitlibpng12-debugsourcelibpng12-devellibpng12-devel-32bitlibpng14libpng14-14libpng14-14-32bitlibpng14-14-debuginfolibpng14-14-debuginfo-32bitlibpng14-compat-devellibpng14-compat-devel-32bitlibpng14-debugsourcelibpng14-devellibpng14-devel-32bitsystemd-32bitsystemdsystemd-debuginfo-32bitsystemd-debuginfosystemd-debugsourcesystemd-develsystemd-sysvinitlibvorbislibvorbis-debugsourcelibvorbis-devellibvorbis-doclibvorbis0libvorbis0-32bitlibvorbis0-debuginfolibvorbis0-debuginfo-32bitlibvorbisenc2libvorbisenc2-32bitlibvorbisenc2-debuginfolibvorbisenc2-debuginfo-32bitlibvorbisfile3libvorbisfile3-32bitlibvorbisfile3-debuginfolibvorbisfile3-debuginfo-32bitiproxyiproxy-debuginfolibusbmuxd-devellibusbmuxd1libusbmuxd1-32bitlibusbmuxd1-debuginfolibusbmuxd1-debuginfo-32bitusbmuxdusbmuxd-debuginfousbmuxd-debuginfo-32bitusbmuxd-debugsourcecsoundicecasticecast-debuginfoicecast-debugsourcegnashgnash-debuginfognash-debugsourcegnash-develperl-DBD-Pgperl-DBD-Pg-debuginfoperl-DBD-Pg-debugsourcelibpython2_7-1_0libpython2_7-1_0-32bitlibpython2_7-1_0-debuginfolibpython2_7-1_0-debuginfo-32bitlibpython2_7-1_0-debuginfo-x86libpython2_7-1_0-x86python-basepython-base-32bitpython-base-debuginfopython-base-debuginfo-32bitpython-base-debuginfo-x86python-base-debugsourcepython-base-x86python-develpython-xmlpython-xml-debuginfopython-docpython-doc-pdflibpython3_2mu1_0libpython3_2mu1_0-32bitlibpython3_2mu1_0-debuginfolibpython3_2mu1_0-debuginfo-32bitlibpython3_2mu1_0-debuginfo-x86libpython3_2mu1_0-x86python3-2to3python3-basepython3-base-debuginfopython3-base-debugsourcepython3-develpython3-devel-debuginfopython3-idlepython3-toolspython3-xmlpython3-xml-debuginfopython3-docpython3-doc-pdflibziplibzip-debuginfolibzip-debugsourcelibzip-devellibzip2libzip2-debuginfobuild-initvmbuild-initvm-debuginfobuild-initvm-debuginfo-32bitbuild-initvm-debuginfo-i586build-initvm-debuginfo-x86build-initvm-i586build-mkbaselibs-slebuildbuild-mkbaselibsbuild-mkdrpmsobs-service-download_filesobs-service-format_spec_fileobs-service-source_validatoroscpostgresql-devel-32bitpostgresql-develpostgresql-devel-debuginfo-32bitpostgresql-devel-debuginfopostgresql-devel-debuginfo-x86postgresql-libspostgresql-libs-debugsourcepostgresqlpostgresql-contribpostgresql-contrib-debuginfopostgresql-debuginfopostgresql-debugsourcepostgresql-docspostgresql-plperlpostgresql-plperl-debuginfopostgresql-plpythonpostgresql-plpython-debuginfopostgresql-pltclpostgresql-pltcl-debuginfopostgresql-serverpostgresql-server-debuginfosystemd-gtksystemd-gtk-debuginfosystemd-gtk-debugsourcelibreoffice-testtoollibreoffice-testtool-debuginfonginx-1.0nginx-1.0-debuginfonginx-1.0-debugsourcepython-pampython-pam-debuginfopython-pam-debugsourcefile-32bitfilefile-debuginfo-32bitfile-debuginfofile-debugsourcefile-develpython-magicphpPgAdminlibtag-devellibtag1libtag1-32bitlibtag1-debuginfolibtag1-debuginfo-32bitlibtag1-debuginfo-x86libtag1-x86libtag_c0libtag_c0-32bitlibtag_c0-debuginfolibtag_c0-debuginfo-32bitlibtag_c0-debuginfo-x86libtag_c0-x86taglibtaglib-debugsourcelibpng12-0-debuginfo-x86libpng12-0-x86libpng14-14-debuginfo-x86libpng14-14-x86python-virtinstvirt-managercobblercobbler-webkoant1libt1lib-debuginfot1lib-debugsourcet1lib-develrpm-pythonrpm-python-debuginforpm-python-debugsourcerpm-32bitrpmrpm-debuginfo-32bitrpm-debuginforpm-debuginfo-x86rpm-debugsourcerpm-develrpm-x86cifs-utilscifs-utils-debuginfocifs-utils-debugsourcemailmanmailman-debuginfomailman-debugsourcelibmysqlclusterclient16libmysqlclusterclient16-debuginfolibmysqlclusterclient_r16libmysqlclusterclient_r16-debuginfomysql-clustermysql-cluster-benchmysql-cluster-bench-debuginfomysql-cluster-clientmysql-cluster-client-debuginfomysql-cluster-debugmysql-cluster-debug-debuginfomysql-cluster-debuginfomysql-cluster-debugsourcemysql-cluster-ndb-extramysql-cluster-ndb-extra-debuginfomysql-cluster-ndb-managementmysql-cluster-ndb-management-debuginfomysql-cluster-ndb-storagemysql-cluster-ndb-storage-debuginfomysql-cluster-ndb-toolsmysql-cluster-ndb-tools-debuginfomysql-cluster-testmysql-cluster-test-debuginfomysql-cluster-toolsmysql-cluster-tools-debuginfolibsnmp30-32bitlibsnmp30libsnmp30-debuginfo-32bitlibsnmp30-debuginfolibsnmp30-debuginfo-x86libsnmp30-x86net-snmpnet-snmp-debuginfonet-snmp-debugsourcenet-snmp-devel-32bitnet-snmp-develperl-SNMPperl-SNMP-debuginfosnmp-mibsNetworkManagerNetworkManager-langlibnm-glib-vpn1-debuginfolibnm-glib4-32bitlibnm-util2libnm-util2-32bitlibnm-util2-debuginfo-32bitlibnm-glib-vpn1NetworkManager-devellibnm-glib4NetworkManager-debugsourcelibnm-glib4-debuginfo-32bitNetworkManager-devel-32bitlibnm-glib-vpn1-debuginfo-32bitNetworkManager-debuginfolibnm-glib4-debuginfolibnm-glib-vpn1-32bitlibnm-util2-debuginfognome-control-centerlibgnome-control-center1-debuginfognome-control-center-develgnome-control-center-debugsourcegnome-control-center-branding-upstreamgnome-control-center-debuginfognome-control-center-langlibgnome-control-center1gnome-control-center-user-faceswpa_supplicantwpa_supplicant-debugsourcewpa_supplicant-debuginfowpa_supplicant-guiwpa_supplicant-gui-debuginfojakarta-poijakarta-poi-javadocjakarta-poi-manualpidgin-otrpidgin-otr-debuginfopidgin-otr-debugsourcelibfreebl3-debuginfo-x86-debuginfolibsoftokn3-debuginfo-x86-debuginfomozilla-nss-certs-debuginfo-x86-debuginfomozilla-nss-debuginfo-x86-debuginfomozilla-nss-sysinit-debuginfo-x86-debuginfomozilla-js-debuginfo-x86-debuginfoxulrunner-debuginfo-x86-debuginfopython-tornadosocatsocat-debuginfosocat-debugsourcekrb5-debuginfo-x86-debuginfolibtiff3-debuginfo-x86-debuginfoviewvcaccountsserviceaccountsservice-debuginfoaccountsservice-debugsourceaccountsservice-develaccountsservice-langlibaccountsservice0libaccountsservice0-debuginfolibpython3_2mu1_0-debuginfo-x86-debuginfopython3python3-32bitpython3-cursespython3-curses-debuginfopython3-dbmpython3-dbm-debuginfopython3-debuginfopython3-debuginfo-32bitpython3-debuginfo-x86python3-debuginfo-x86-debuginfopython3-debugsourcepython3-tkpython3-tk-debuginfopython3-x86libgdatalibgdata-debugsourcelibgdata-devellibgdata-langlibgdata13libgdata13-32bitlibgdata13-debuginfolibgdata13-debuginfo-32bitlibgdata13-debuginfo-x86libgdata13-debuginfo-x86-debuginfolibgdata13-x86proftpdproftpd-debuginfoproftpd-debugsourceproftpd-develproftpd-docproftpd-ldapproftpd-ldap-debuginfoproftpd-mysqlproftpd-mysql-debuginfoproftpd-pgsqlproftpd-pgsql-debuginfoproftpd-radiusproftpd-radius-debuginfoproftpd-sqliteproftpd-sqlite-debuginfobind-libs-debuginfo-x86-debuginfogypsygypsy-debuginfogypsy-debugsourcelibgypsy-devellibgypsy0libgypsy0-debuginfobashbash-debuginfo-32bitbash-debuginfobash-debuginfo-x86bash-debugsourcebash-develbash-docbash-langbash-loadablesbash-loadables-debuginfobash-x86libreadline6-32bitlibreadline6libreadline6-debuginfo-32bitlibreadline6-debuginfolibreadline6-debuginfo-x86libreadline6-x86readline-devel-32bitreadline-develreadline-docgdk-pixbufgdk-pixbuf-debugsourcegdk-pixbuf-develgdk-pixbuf-devel-debuginfogdk-pixbuf-langgdk-pixbuf-query-loadersgdk-pixbuf-query-loaders-32bitgdk-pixbuf-query-loaders-debuginfogdk-pixbuf-query-loaders-debuginfo-32bitgdk-pixbuf-query-loaders-debuginfo-x86gdk-pixbuf-query-loaders-x86libgdk_pixbuf-2_0-0libgdk_pixbuf-2_0-0-32bitlibgdk_pixbuf-2_0-0-debuginfolibgdk_pixbuf-2_0-0-debuginfo-32bitlibgdk_pixbuf-2_0-0-debuginfo-x86libgdk_pixbuf-2_0-0-x86rocksndiamondsrocksndiamonds-debuginforocksndiamonds-debugsourcelibexiflibexif-debugsourcelibexif-devellibexif12libexif12-32bitlibexif12-debuginfolibexif12-debuginfo-32bitlibexif12-debuginfo-x86libexif12-x86arpwatcharpwatch-debuginfoarpwatch-debugsourcearpwatch-ethercodes-buildlibjpeg-turbolibjpeg-turbo-debuginfolibjpeg-turbo-debugsourcelibjpeg62-32bitlibjpeg62libjpeg62-debuginfo-32bitlibjpeg62-debuginfolibjpeg62-debuginfo-x86libjpeg62-devel-32bitlibjpeg62-devellibjpeg62-x86rhythmboxrhythmbox-debuginforhythmbox-debugsourcerhythmbox-develrhythmbox-langglade-catalog-vtegnome-pty-helpergnome-pty-helper-debuginfolibvte2_90-9libvte2_90-9-debuginfovtevte-debugsourcevte-develvte-langvte-toolsvte-tools-debuginfoglade3-catalog-vtelibvte9libvte9-debuginfopython-vtepython-vte-debuginfovte2vte2-debugsourcevte2-develvte2-langvte2-toolsvte2-tools-debuginfolibxml2-pythonlibxml2-python-debuginfolibxml2-python-debugsourcedovecot20dovecot20-backend-mysqldovecot20-backend-mysql-debuginfodovecot20-backend-pgsqldovecot20-backend-pgsql-debuginfodovecot20-backend-sqlitedovecot20-backend-sqlite-debuginfodovecot20-debuginfodovecot20-debugsourcedovecot20-develdovecot20-fts-solrdovecot20-fts-solr-debuginfoibm-data-db2libmono-2_0-1libmono-2_0-1-debuginfolibmono-2_0-devellibmonosgen-2_0-0libmonosgen-2_0-0-debuginfolibmonosgen-2_0-develmono-completemono-coremono-core-debuginfomono-core-debugsourcemono-datamono-data-oraclemono-data-postgresqlmono-data-sqlitemono-develmono-devel-debuginfomono-extrasmono-locale-extrasmono-mvcmono-nunitmono-wcfmono-webmono-winformsmono-winfxcoremonodoc-corepython-djangoperl-YAML-LibYAMLperl-YAML-LibYAML-debuginfoperl-YAML-LibYAML-debugsourcekoffice2-dockoffice2koffice2-debuginfokoffice2-debugsourcekoffice2-develkoffice2-karbonkoffice2-karbon-debuginfokoffice2-kexikoffice2-kexi-debuginfokoffice2-kformulakoffice2-kformula-debuginfokoffice2-kplatokoffice2-kplato-debuginfokoffice2-kpresenterkoffice2-kpresenter-debuginfokoffice2-kritakoffice2-krita-debuginfokoffice2-kspreadkoffice2-kspread-debuginfokoffice2-kthesauruskoffice2-kthesaurus-debuginfokoffice2-kwordkoffice2-kword-debuginfolibpcp-devellibpcp-devel-debuginfolibpcp3libpcp3-debuginfopcppcp-debuginfopcp-debugsourcepcp-import-iostat2pcppcp-import-mrtg2pcppcp-import-sar2pcppcp-import-sheet2pcpperl-PCP-LogImportperl-PCP-LogImport-debuginfoperl-PCP-LogSummaryperl-PCP-MMVperl-PCP-MMV-debuginfoperl-PCP-PMDAperl-PCP-PMDA-debuginfolibupsclient1libupsclient1-debuginfonutnut-cginut-cgi-debuginfonut-debuginfonut-debugsourcenut-develnut-drivers-netnut-drivers-net-debuginfootrsotrs-docotrs-itsmlibnm-glib-vpn1-debuginfo-x86libnm-glib-vpn1-x86libnm-glib4-debuginfo-x86libnm-glib4-x86libnm-util2-debuginfo-x86libnm-util2-x86inninn-debuginfoinn-debugsourceinn-develmininewsmininews-debuginfoqemuqemu-debuginfoqemu-debugsourceghostscript-develghostscript-fonts-otherghostscript-fonts-rusghostscript-fonts-stdghostscript-ijs-develghostscript-libraryghostscript-library-debuginfoghostscript-library-debugsourceghostscript-x11ghostscript-x11-debuginfolibgimpprintlibgimpprint-debuginfolibgimpprint-develghostscript-minighostscript-mini-debuginfoghostscript-mini-debugsourcedebdeb-debuginfodeb-debugsourcedeb-develdeb-langupdate-alternativesupdate-alternatives-debuginfoupdate-alternatives-debugsourcemozilla-kde4-integrationmozilla-kde4-integration-debuginfomozilla-kde4-integration-debugsourcehostapdhostapd-debuginfohostapd-debugsourcelibproxy-pluginslibproxy-plugins-debugsourcelibproxy1-config-gnome3libproxy1-config-gnome3-32bitlibproxy1-config-gnome3-debuginfolibproxy1-config-gnome3-debuginfo-32bitlibproxy1-config-gnome3-debuginfo-x86libproxy1-config-gnome3-x86libproxy1-config-kde4libproxy1-config-kde4-32bitlibproxy1-config-kde4-debuginfolibproxy1-config-kde4-debuginfo-32bitlibproxy1-config-kde4-debuginfo-x86libproxy1-config-kde4-x86libproxy1-networkmanagerlibproxy1-networkmanager-32bitlibproxy1-networkmanager-debuginfolibproxy1-networkmanager-debuginfo-32bitlibproxy1-networkmanager-debuginfo-x86libproxy1-networkmanager-x86libproxy1-pacrunner-mozjslibproxy1-pacrunner-mozjs-32bitlibproxy1-pacrunner-mozjs-debuginfolibproxy1-pacrunner-mozjs-debuginfo-32bitlibproxy1-pacrunner-mozjs-debuginfo-x86libproxy1-pacrunner-mozjs-x86libproxy1-pacrunner-webkitlibproxy1-pacrunner-webkit-32bitlibproxy1-pacrunner-webkit-debuginfolibproxy1-pacrunner-webkit-debuginfo-32bitlibproxy1-pacrunner-webkit-debuginfo-x86libproxy1-pacrunner-webkit-x86libproxylibproxy-debugsourcelibproxy-devellibproxy-sharplibproxy-toolslibproxy-tools-debuginfolibproxy1libproxy1-32bitlibproxy1-debuginfolibproxy1-debuginfo-32bitlibproxy1-debuginfo-x86libproxy1-x86perl-Net-Libproxyperl-Net-Libproxy-debuginfopython-libproxylibmysqlclient18-debuginfo-x86-debuginfo0:1.5.8-2.10.10:3.7.10-3.4.10:1.6.0.0_b24.1.11.5-16.10:4.80.1-5.4.10:0.1.15-2.5.10:0.9.0.2-9.4.10:16.0.2-2.50.10:16.0.2-33.39.10:1.4.5.+16.0.2-33.39.10:2.13.2-2.41.10:16.0.2-2.45.10:2.0.20-7.3.10:1.8.7.p357-2.6.10:2.6.8-19.9.10:1.9.1-24.3.10:1.8.5-71.4.10:3.5.3-1.31.10:12.10-26.10:3.5.4.13-4.11.10:11.2.202.251-34.10:11.60-3.10:3.2.1-11.4.10:4-11.10:1.8.4-3.33.10:4.1.3_04-1.21.10:4.1.3_04_k3.1.10_1.16-1.21.10:1.3.1-17.10:1.3.7-2.5.10:4.7.2-5.10.10:0.3.6-1.4.10:17.0-2.54.10:17.0-33.43.10:1.4.6+17.0-33.43.10:17.0-2.49.10:2.14-2.45.10:0.5.1-3.4.10:2.1.10-2.4.10:5.0.24-2.6.10:0.1.2-12.6.10:3.0.18-3.4.10:2.6.11-28.30.10:25.0.1343.0-1.43.10:1.2.3-13.4.10:2.7.8+git20110708-3.15.10:4.1.3_06-1.25.10:4.1.3_06_k3.1.10_1.16-1.25.10:9.8.4P1-4.28.10:11.2.202.258-38.10:25.0.1362.0-1.47.10:4.2.2-6.3.10:1.3.3-3.7.10:6.0.33-3.7.10:12.12-34.10:5.2.13-2.8.10:5.5.28-3.14.10:4.7.4-19.13.10:1.3.3-3.11.10:6.0.33-3.11.10:1.3.14-2.10:18.0-2.58.20:17.0.2-33.47.20:1.5.0+17.0.2-33.47.20:4.9.4-3.11.10:3.14.1-9.21.30:2.15-2.49.10:17.0.2-2.53.10:11.2.202.261-42.10:2.1.12-12.10:9.4.1-3.13.10:9.5.3-3.13.10:2.4.7-9.10:3.3.1-9.5.10:3.1.23-2.6.10:4.7.4-19.17.10:1.5.1-5.11.10:26.0.1383.0-1.51.10:4.1.22-3.9.10:4.1.22_k3.1.10_1.16-3.9.10:8.14-3.19.10:3.16.4.0-1.36.10:2.2.21-3.9.10:1.6.18-2.4.10:1.8.5-3.37.10:2.3.16-3.9.30:2.3.16-2.7.10:2.3.16-3.16.20:2.3.16-3.12.20:2.3.16-3.9.20:2.3.16-3.13.10:1.1.5-3.5.10:2.3.16-3.9.10:3.6.3-34.16.10:1.34b-34.16.10:1.0.2-34.16.10:2.0.5-34.16.10:1.2.9-34.16.10:0.9.11-34.16.10:0.9.6-3.13.10:12.13-38.10:3.0.3-5.11.10:0.48.2-2.4.10:3.2.1-2.4.10:12.14-38.10:1.6.0.0_b27.1.12.2-24.10:11.2.202.262-46.10:9.1.8-21.10:11.2.202.270-50.10:3.0.1-313.6.10:2.3.17-3.13.20:2.3.17-2.11.10:2.3.17-3.20.20:2.3.17-3.16.10:2.3.17-3.13.10:2.3.17-3.17.10:1.1.6-3.9.10:2.5.11-3.4.10:1.0.0k-34.20.10:19.0-2.62.10:17.0.3-33.51.10:1.5.1+17.0.3-33.51.10:2.0-2.32.30:2.16-2.53.10:17.0.3-2.57.10:1.6.0.0_b27.1.12.3-28.10:9.4.1-3.17.10:9.5.4-3.17.10:1.7.7-3.4.10:4.7.4-19.21.10:2.10.1-8.18.10:3.1.10-1.19.10:3.1.10-1.19.20:11.2.202.273-54.10:1.8.2-2.14.10:1.900.1-149.3.10:3.4.8-1.7.10:1.6.0.0_b27.1.12.4-32.10:2.1.3.18185.0-22.4.10:1.8.6-3.41.10:27.0.1425.0-1.55.10:19.0.2-2.66.10:1.9.1-24.16.10:17.0.4-2.61.10:2.16.1-2.57.10:2.12-27.7.10:5.14.2-9.10:17.0.4-33.55.10:1.5.1+17.0.4-33.55.10:2.42-1.4.10:11.2.202.275-58.10:0.7.13-8.5.10:0.13.7-2.4.10:2.7.8+git20110708-3.20.10:3.0.21-7.4.10:6.7.2.7-5.8.10:1.3.12-14.4.10:2.1.6-5.4.10:0.97.7-11.10:1.8.7.p357-2.10.10:0.8.4-16.6.10:1.1.26-15.11.10:18.0.972.0-1.5.20:3.7.12.6-1.9.10:2.7.6-1.13.10:2.4.7-3.10:9.8.4P2-4.32.10:4.2.4.P2-0.6.21.10:3.0.1-313.10.10:0.15.1-1.5.10:2.2.21-3.13.10:4.1.4_02-1.29.10:4.1.4_02_k3.1.10_1.19-1.29.10:2.14.1-14.18.10:20.0-2.70.30:17.0.5-33.59.30:1.5.1+17.0.5-33.59.30:4.9.6-3.15.10:3.14.3-9.29.20:2.17-2.61.20:17.0.5-2.65.20:2.3.17-3.24.10:2.3.17-3.20.10:2.3.17-3.21.10:9.1.9-25.10:12.15-49.10:1.6.21-2.17.10:0.75.4-2.5.10:11.2.202.280-62.10:7.22.0-2.14.10:1.3.2-22.10:9.0-2.6.10:9.0-33.6.10:1.3.4+9.0-33.6.10:1.99.05-2.7.10:1.9.2.25-2.6.20:2.6-2.5.10:2.7.8+git20110708-3.24.10:3.13.1-9.11.10:1.9.1-24.20.10:1.6.0.0_b27.1.12.5-36.20:7.6_1.10.4-36.9.20:4.5.3-5.11.10:0.7.1-3.7.10:3.0.3-5.15.10:2.4.0-155.3.10:0.97.8-15.10:3.9.5-8.17.10:3.6.3-34.20.10:1.34b-34.20.10:1.0.2-34.20.10:2.0.5-34.20.10:1.2.9-34.20.10:0.9.11-34.20.10:11.2.202.285-70.10:2.0.18-7.4.10:1.8.7-3.45.10:3.1.10-1.23.1.g8645a720:3.1.10-1.23.2.g8645a720:1.0.2-5.3.10:3.1.10-1.29.10:3.1.10-1.29.20:3.4.9-1.19.10:11.1.102.55-3.10:2.4.2-69.3.10:12.1-4.2.10:2.10.1-8.9.10:5.3.8-4.9.20:2.0.10-10.3.10:5.0-7.6.10:8.0-2.3.20:8.0-33.3.20:1.3.3+8.0-33.3.20:1.99.05-2.3.20:3.12.11-9.8.10:1.9.2.24-2.3.10:8.0-2.3.10:3.12.11-6.20:4.6.1-5.3.10:0.9.1.90-3.15.10:2.3.14-3.3.10:2.3.14-2.3.10:4.7.4-19.6.10:9.4.1-3.7.10:9.4.7-3.7.10:1.0.0e-34.3.10:4.2.3.P2-0.6.7.10:1.3.3-3.4.20:6.0.33-3.4.20:0.9.6-3.3.10:1.4.11-3.3.10:1.8.7.p357-2.3.10:7.22.0-2.3.10:0.15.1-1.7.10:2.3.5-3.4.10:1.0.6-1.3.10:3.1.9-1.4.10:3.1.9-1.4.20:3.6.3-34.6.10:1.34b-34.6.10:1.0.2-34.6.10:2.0.5-34.6.10:1.2.9-34.6.10:0.9.11-34.6.10:1.4.30-2.3.10:1.8.2-2.5.10:18.0.1022.0-1.7.20:3.8.9.0-1.11.10:9.8.1P1-4.4.10:10.0-2.17.30:10.0-33.8.30:1.3.5+10.0-33.8.30:1.99.07-2.13.10:1.9.2.26-2.8.30:2.7-2.9.20:1.0.0e-34.5.10:2.9.22-7.3.10:11.61-6.10:1.1.26-15.3.10:10.0.1-2.19.10:10.0.1-33.10.10:1.3.5+10.0.1-33.10.10:2.7.1-2.11.10:3.0.3-5.3.10:1.12.12-169.4.10:1.1.8-2.3.10:4.3.11-2.4.10:3.3.13-3.3.30:5.0.18-2.3.10:5.1.15-7.3.10:2.2.21-3.6.10:11.1.102.62-7.10:10.0.2-2.21.10:10.0.2-33.12.10:1.3.5+10.0.2-33.12.10:1.9.2.27-2.10.10:2.7.2-2.13.10:1.2.3-10.3.10:3.4.10.1-1.21.10:1.6.0.0_b24.1.11.1-3.10:1.2.47-9.3.10:1.4.9-3.3.10:37-3.8.10:1.3.2-12.3.10:1.0.7-6.4.10:2.7.8+git20110708-3.5.10:19.0.1046.0-1.9.10:3.9.7.0-1.13.10:5.06.0-142.3.20:1.0.0e-34.7.10:11.1.102.63-9.10:2.3.2-65.3.10:12.1-4.4.10:1.0.9-8.10:0.8.8-9.3.10:1.2-3.10:19.0.1066.0-1.11.20:3.9.13.0-1.15.10:2.18.0-3.4.10:11.0-2.23.10:11.0-33.14.10:1.4.0+11.0-33.14.10:1.99.08-2.15.20:4.9.0-3.3.10:3.13.3-9.13.10:1.9.2.28-2.12.20:2.8-2.15.10:2.7.2-7.14.10:2.7-7.14.10:3.2.1-5.6.20:3.2-5.6.10:0.10-28.3.10:2012.03.06-2.4.10:0.3-5.4.10:0.4.1-13.4.10:0.2-3.5.10:0.134.1-2.4.10:0.8.8-9.6.10:9.1.3-3.7.20:9.1.3-3.7.10:1.2.48-9.6.10:1.4.10-3.6.10:3.0.3-5.8.10:37-3.11.10:3.4.5.5-4.5.10:3.4.5.5-2.4.10:1.0.10-3.4.10:0.5.0-79.12.10:5.08-7.4.10:3.4.7.1-1.3.10:1.0.0e-34.9.10:11.2.202.228-12.10:19.0.1079.0-1.14.10:3.9.24.1-1.18.10:2.4.7-6.10:5.0.4-4.10:1.7-8.4.10:1.2.49-9.9.10:1.4.11-3.9.10:3.4.10.2-1.24.10:3.9.5-8.4.10:0.600.1-4.10.10:0.9.1-5.10.10:4.1.2_16-1.7.10:4.1.2_16_k3.1.9_1.4-1.7.10:5.3.8-4.12.20:20.0.1094.0-1.17.20:3.10.0.5-1.21.10:3.1.10-1.9.10:3.1.10-1.9.20:1.0.0e-34.12.10:3.6.3-34.11.10:1.34b-34.11.10:1.0.2-34.11.10:2.0.5-34.11.10:1.2.9-34.11.10:0.9.11-34.11.10:9.4.1-3.10.10:9.5.1-3.10.10:1.4.12-3.8.10:2.7.6-1.7.10:2.2.1-7.10.10:5.06.0-142.6.10:5.1.2-15.7.10:4.9.1.2-4.10:4.9-7.7.10:6.7.2.7-5.5.10:12.0-2.26.10:12.0-33.20.10:1.4.1+12.0-33.20.10:2.9-2.18.10:3.6.3-34.12.10:1.34b-34.12.10:1.0.2-34.12.10:2.0.5-34.12.10:1.2.9-34.12.10:0.9.11-34.12.10:11.62-9.10:2.1.14-10.6.10:8.14-3.4.10:5.3.8-4.15.20:1.7-8.7.10:11.2.202.235-21.10:7.1.21-2.4.10:20.0.1128.0-1.20.10:3.10.8.1-1.24.10:5.7.1-3.8.10:0.9.1.90-3.4.10:0.9.1.90-4.3.10:0.7.3-10.3.10:2.5.1-12.4.10:1.8.2-2.8.10:21.0.1145.0-1.23.10:3.11.3.0-1.27.10:1.4.13-3.12.10:2.2.1-7.13.10:5.3.8-4.21.20:2.7.8+git20110708-3.8.10:4.5.3-5.4.10:3.2.0-151.5.10:9.8.1P1-4.11.10:13.0-2.30.10:13.0-33.23.20:1.4.2+13.0-33.23.20:1.99.08-2.18.30:3.13.5-9.16.10:2.10-2.21.20:13.0-2.29.20:11.2.202.236-24.10:2.3-2.4.10:1.7.1.3-8.4.10:7.1.22-2.7.10:1.6.0.0_b24.1.11.3-6.20:1.9.1-24.6.10:5.3.8-4.24.10:0.97.5-4.10:12.00-16.10:3.9.5-8.7.10:0.7.1-3.4.10:0.15.1-1.10.10:1.1.15-4.4.10:3.1.10-1.16.10:3.1.10-1.16.20:0.6.15-2.4.10:3.2.1-5.9.10:3.2-5.9.10:22.0.1190.0-1.26.20:3.12.5.0-1.30.10:0.10.1-2.4.10:2.10.1-8.12.10:1.3.3g-2.3.10:9.8.3P1-4.14.10:1.1.26-15.8.10:0.8-7.4.10:4.1.2_17-1.10.10:4.1.2_17_k3.1.10_1.16-1.10.10:2.7.6-1.10.10:4.2-1.14.10:6.2-1.14.10:2.24.0-2.4.10:3.3.0.1-84.4.10:2.10.1-8.15.10:0.6.20-10.4.10:2.1a15-144.4.10:2.5-2.3.10:14.0.1-2.33.10:14.0.1-2.32.20:2.10.0-8.3.10:14.0-33.26.20:1.4.3+14.0-33.26.20:14.0-33.26.10:1.4.3+14.0-33.26.10:2.11-2.24.20:2.2.21-3.4.10:3.9.5-8.10.10:1.1.1-10.4.10:62.0.0-10.4.10:0.13.3-17.7.10:1.4.14-3.17.10:0.30.1-2.4.10:0.28.2-4.4.10:1.4.11-3.12.10:2.7.8+git20110708-3.3.10:9.8.3P2-4.17.10:2.0.16-2.3.10:2.10.6-2.4.10:1.5.1-5.4.10:1.3.2-3.4.10:1.9.1-24.9.10:2.7.8+git20110708-3.11.10:2.3.14-3.8.10:1.2.1-6.10:5.3.8-4.27.10:0.9.6-3.9.10:12.01-19.10:22.0.1226.0-1.29.10:3.12.19.1-1.33.10:0.37-2.4.10:4.2.4.P1-0.6.10.10:1.2.1-10.10:2.3.1-12.4.10:11.2.202.238-27.10:3.6.5-5.4.10:1.4.15-3.20.10:2.6.1-3.4.10:3.5.2.2-1.27.10:2.6.11-28.26.10:3.0.15-15.4.10:3.0.6-15.4.10:15.0-2.36.10:15.0-33.29.10:1.4.4+15.0-33.29.10:4.9.2-3.6.10:3.13.6-9.17.10:2.12-2.27.10:15.0-2.35.10:5.3.8-4.34.10:12.02-22.10:17.0.945.0-1.3.20:3.7.8.0-1.3.10:1.6.0.0_b24.1.11.4-12.10:23.0.1255.0-1.34.10:0.9.1.90-4.11.10:2.5.2-9.4.10:0.15.1-1.13.10:4.1.3_01-1.13.10:4.1.3_01_k3.1.10_1.16-1.13.10:0.14.1-7.6.10:2.3.14-3.11.20:2.1.12-4.10:3.0.16-15.8.10:3.0.6-15.8.10:9.00-13.4.10:4.2.7-13.4.10:9.8.3P3-4.20.10:2.6.8-19.4.10:1.15.8.10-9.6.10:4.2.4.P2-0.6.13.10:9.1.5-3.10.10:1.5.8-2.6.10:4.1.22-3.5.10:4.1.22_k3.1.10_1.16-3.5.10:9.4.1-3.5.10:9.4.6-3.4.10:1.8.3-3.29.10:0.15.1-1.3.10:11.2.202.243-30.10:16.0.1-2.46.10:16.0.1-33.35.10:1.4.5.+16.0.1-33.35.10:0.6.4-6.4.10:2.13.1-2.37.10:16.0.1-2.41.10:0.7.3-2.4.10:24.0.1290.0-1.39.10:9.8.3P4-4.24.10:0.4.7-7.7.10:5.5.23-3.6.10:5.2.12-2.5.10:3.0.17-15.12.10:3.0.6-15.12.10:3.9.5-8.13.10:1.0.0e-34.17.10:5.3.8-4.18.10:5.5.25-3.9.2