Marcus Updateinfo to OVAL Converter 5.5 2022-04-29T06:20:08 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. Important CVE-2002-2443 SUSE bug 825985 SUSE bug 871411 SUSE bug 887734 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address. Important CVE-2004-2771 SUSE bug 909208 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. Moderate CVE-2007-2721 SUSE bug 258253 SUSE bug 339731 SUSE bug 340138 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. Important CVE-2007-4772 SUSE bug 329282 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files. Moderate CVE-2007-6209 SUSE bug 346454 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Moderate CVE-2007-6746 SUSE bug 817120 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. Low CVE-2008-7316 SUSE bug 963764 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. Moderate CVE-2009-0269 SUSE bug 470942 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. Moderate CVE-2009-0322 SUSE bug 470943 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. Important CVE-2009-0689 SUSE bug 522109 SUSE bug 545277 SUSE bug 546371 SUSE bug 557126 SUSE bug 557127 SUSE bug 557128 SUSE bug 557671 SUSE bug 590499 SUSE bug 607935 SUSE bug 851803 SUSE bug 958097 SUSE bug 963818 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries. Moderate CVE-2009-1046 SUSE bug 478699 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. Important CVE-2009-5138 SUSE bug 865993 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Moderate CVE-2009-5146 SUSE bug 915976 SUSE bug 919648 SUSE bug 922647 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. Important CVE-2010-2240 SUSE bug 1039348 SUSE bug 211997 SUSE bug 546062 SUSE bug 59807 SUSE bug 615929 SUSE bug 618152 SUSE bug 632737 SUSE bug 643986 SUSE bug 746947 SUSE bug 746949 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. Important CVE-2010-2243 SUSE bug 617903 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library. Moderate CVE-2010-2800 SUSE bug 627753 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library. Moderate CVE-2010-2801 SUSE bug 627753 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. Moderate CVE-2010-5107 SUSE bug 1074631 SUSE bug 802639 SUSE bug 841638 SUSE bug 858359 SUSE bug 880259 SUSE bug 881234 SUSE bug 996040 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. Moderate CVE-2010-5110 SUSE bug 845765 SUSE bug 970115 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842. Moderate CVE-2010-5313 SUSE bug 905312 SUSE bug 907822 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. Moderate CVE-2011-1083 SUSE bug 676204 SUSE bug 690537 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. Moderate CVE-2011-1344 SUSE bug 688702 SUSE bug 820928 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. Moderate CVE-2011-2485 SUSE bug 702028 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password. Moderate CVE-2011-2494 SUSE bug 703156 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email. Low CVE-2011-3201 SUSE bug 714939 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Moderate CVE-2011-3970 SUSE bug 746039 SUSE bug 747327 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. Moderate CVE-2011-4028 SUSE bug 722944 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. Moderate CVE-2011-4029 SUSE bug 722944 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal. Moderate CVE-2011-4086 SUSE bug 745832 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume. Important CVE-2011-4127 SUSE bug 738400 SUSE bug 758104 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words. Moderate CVE-2011-4131 SUSE bug 730117 SUSE bug 762992 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value." Moderate CVE-2011-4132 SUSE bug 730118 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization. Moderate CVE-2011-4599 SUSE bug 736146 SUSE bug 740453 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory. Moderate CVE-2011-5321 SUSE bug 922447 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. Important CVE-2012-0060 SUSE bug 754284 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. Important CVE-2012-0061 SUSE bug 754285 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list. Moderate CVE-2012-0065 SUSE bug 742546 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. Important CVE-2012-0217 SUSE bug 757537 SUSE bug 764077 SUSE bug 785429 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen. Moderate CVE-2012-0218 SUSE bug 757970 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable. Moderate CVE-2012-0420 SUSE bug 770630 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field. Important CVE-2012-0425 SUSE bug 752464 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name. Important CVE-2012-0427 SUSE bug 604730 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references." Low CVE-2012-0547 SUSE bug 777499 SUSE bug 780897 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003. Moderate CVE-2012-0698 SUSE bug 791029 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file. Moderate CVE-2012-0786 SUSE bug 853044 SUSE bug 885003 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. Important CVE-2012-0815 SUSE bug 754281 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests. Moderate CVE-2012-0817 SUSE bug 743986 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. Low CVE-2012-0862 SUSE bug 762294 SUSE bug 844230 SUSE bug 855685 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. Moderate CVE-2012-0864 SUSE bug 747768 SUSE bug 826666 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion. Important CVE-2012-0870 SUSE bug 747934 SUSE bug 752797 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. Moderate CVE-2012-0957 SUSE bug 783515 SUSE bug 783606 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call. Moderate CVE-2012-1097 SUSE bug 750079 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events. Moderate CVE-2012-1146 SUSE bug 750959 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages. Moderate CVE-2012-1179 SUSE bug 752599 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. Important CVE-2012-1182 SUSE bug 747934 SUSE bug 752797 SUSE bug 754443 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing an XSL file that triggers memory corruption when the lang function processes XML data with a crafted node-set. Moderate CVE-2012-1530 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Critical CVE-2012-1531 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Critical CVE-2012-1532 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159. Moderate CVE-2012-1533 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message. Moderate CVE-2012-1586 SUSE bug 754443 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. Moderate CVE-2012-1601 SUSE bug 754898 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. Moderate CVE-2012-1667 SUSE bug 765315 SUSE bug 792926 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder." Critical CVE-2012-1682 SUSE bug 777499 SUSE bug 780897 SUSE bug 785433 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. Moderate CVE-2012-1956 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2012-1970 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors. Critical CVE-2012-1971 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-1972 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-1973 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-1974 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-1975 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-1976 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. Important CVE-2012-2110 SUSE bug 758060 SUSE bug 778825 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection. Moderate CVE-2012-2111 SUSE bug 754443 SUSE bug 757576 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length. Moderate CVE-2012-2119 SUSE bug 758243 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd. Important CVE-2012-2127 SUSE bug 757783 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. Moderate CVE-2012-2132 SUSE bug 758431 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data. Moderate CVE-2012-2133 SUSE bug 758532 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. Important CVE-2012-2136 SUSE bug 765320 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. Moderate CVE-2012-2137 SUSE bug 767612 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. Low CVE-2012-2150 SUSE bug 939367 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. Moderate CVE-2012-2313 SUSE bug 758813 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020. Moderate CVE-2012-2319 SUSE bug 760902 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow. Moderate CVE-2012-2370 SUSE bug 762735 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping. Moderate CVE-2012-2372 SUSE bug 767610 SUSE bug 795039 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition. Moderate CVE-2012-2373 SUSE bug 762991 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an FATTR4_ACL reply. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-4131. Moderate CVE-2012-2375 SUSE bug 762992 SUSE bug 851103 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations. Moderate CVE-2012-2390 SUSE bug 764150 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file. Moderate CVE-2012-2652 SUSE bug 764526 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. Moderate CVE-2012-2745 SUSE bug 770695 SUSE bug 795039 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. Moderate CVE-2012-2825 SUSE bug 769181 SUSE bug 769182 SUSE bug 849019 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217. Moderate CVE-2012-2934 SUSE bug 764077 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089. Critical CVE-2012-3143 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533. Moderate CVE-2012-3159 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Low CVE-2012-3216 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. Moderate CVE-2012-3375 SUSE bug 769896 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Moderate CVE-2012-3381 SUSE bug 770234 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. Moderate CVE-2012-3382 SUSE bug 769799 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. Moderate CVE-2012-3400 SUSE bug 769784 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. Moderate CVE-2012-3404 SUSE bug 770891 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404. Moderate CVE-2012-3405 SUSE bug 770891 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. Moderate CVE-2012-3406 SUSE bug 770891 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. Important CVE-2012-3412 SUSE bug 774523 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny. Moderate CVE-2012-3417 SUSE bug 772570 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads. Moderate CVE-2012-3418 SUSE bug 775009 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. Moderate CVE-2012-3419 SUSE bug 775010 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c. Moderate CVE-2012-3420 SUSE bug 775009 SUSE bug 775011 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw." Moderate CVE-2012-3421 SUSE bug 775009 SUSE bug 775013 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read. Moderate CVE-2012-3422 SUSE bug 773458 SUSE bug 818768 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet. Important CVE-2012-3423 SUSE bug 773458 SUSE bug 818768 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. Moderate CVE-2012-3430 SUSE bug 773383 SUSE bug 795039 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions. Moderate CVE-2012-3432 SUSE bug 773393 SUSE bug 773401 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. Moderate CVE-2012-3438 SUSE bug 773612 SUSE bug 785093 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow. Moderate CVE-2012-3461 SUSE bug 777468 SUSE bug 789190 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. Moderate CVE-2012-3480 SUSE bug 775690 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP4 Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read. Moderate CVE-2012-3482 SUSE bug 775988 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. Moderate CVE-2012-3494 SUSE bug 777090 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. Moderate CVE-2012-3495 SUSE bug 777088 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. Moderate CVE-2012-3496 SUSE bug 777091 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id. Moderate CVE-2012-3497 SUSE bug 777890 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. Moderate CVE-2012-3498 SUSE bug 777086 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP4 Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow. Moderate CVE-2012-3509 SUSE bug 776968 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." Important CVE-2012-3515 SUSE bug 777084 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus." Important CVE-2012-3524 SUSE bug 697105 SUSE bug 852781 SUSE bug 912016 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP4 mono 2.10.x ASP.NET Web Form Hash collision DoS Moderate CVE-2012-3543 SUSE bug 739119 SUSE bug 963818 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter. Moderate CVE-2012-3570 SUSE bug 772924 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. Moderate CVE-2012-3571 SUSE bug 772924 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. Moderate CVE-2012-3817 SUSE bug 772945 SUSE bug 792926 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. Moderate CVE-2012-3954 SUSE bug 772924 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. Moderate CVE-2012-3955 SUSE bug 780167 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-3956 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-3957 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-3958 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-3959 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-3960 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-3961 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. Critical CVE-2012-3962 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-3963 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-3964 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window. Critical CVE-2012-3965 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component. Critical CVE-2012-3966 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. Critical CVE-2012-3967 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. Critical CVE-2012-3968 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. Critical CVE-2012-3969 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. Critical CVE-2012-3970 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Moderate CVE-2012-3971 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. Moderate CVE-2012-3972 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. Critical CVE-2012-3973 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. Moderate CVE-2012-3974 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code. Low CVE-2012-3975 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. Moderate CVE-2012-3976 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4930. Reason: This candidate is a duplicate of CVE-2012-4930. Notes: All CVE users should reference CVE-2012-4930 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-3977 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. Moderate CVE-2012-3978 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function. Moderate CVE-2012-3979 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. Important CVE-2012-3980 SUSE bug 777588 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2012-3982 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2012-3983 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. Critical CVE-2012-3984 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set. Moderate CVE-2012-3985 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. Moderate CVE-2012-3986 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Moderate CVE-2012-3987 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. Moderate CVE-2012-3988 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site. Critical CVE-2012-3989 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. Moderate CVE-2012-3990 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. Moderate CVE-2012-3991 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. Moderate CVE-2012-3992 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. Moderate CVE-2012-3993 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property. Moderate CVE-2012-3994 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. Moderate CVE-2012-3995 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. Moderate CVE-2012-4048 SUSE bug 772738 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. Moderate CVE-2012-4049 SUSE bug 772738 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4179 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-4180 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4181 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4182 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4183 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. Moderate CVE-2012-4184 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Moderate CVE-2012-4185 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-4186 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors. Critical CVE-2012-4187 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-4188 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193. Critical CVE-2012-4192 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. Critical CVE-2012-4193 SUSE bug 783533 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. Moderate CVE-2012-4194 SUSE bug 786522 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. Moderate CVE-2012-4195 SUSE bug 786522 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. Moderate CVE-2012-4196 SUSE bug 786522 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. Moderate CVE-2012-4201 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. Critical CVE-2012-4202 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark. Moderate CVE-2012-4203 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Critical CVE-2012-4204 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. Moderate CVE-2012-4205 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. Moderate CVE-2012-4206 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. Moderate CVE-2012-4207 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. Moderate CVE-2012-4208 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin. Moderate CVE-2012-4209 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet. Critical CVE-2012-4210 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4212 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4213 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840. Critical CVE-2012-4214 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4215 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4216 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4217 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4218 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll. Moderate CVE-2012-4233 SUSE bug 778669 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. Important CVE-2012-4244 SUSE bug 780157 SUSE bug 792926 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. Moderate CVE-2012-4285 SUSE bug 776083 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. Moderate CVE-2012-4288 SUSE bug 776083 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. Moderate CVE-2012-4289 SUSE bug 776083 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. Moderate CVE-2012-4290 SUSE bug 776083 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Moderate CVE-2012-4291 SUSE bug 776083 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2012-4292 SUSE bug 776083 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet. Moderate CVE-2012-4293 SUSE bug 776083 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. Moderate CVE-2012-4296 SUSE bug 776083 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. Moderate CVE-2012-4398 SUSE bug 778463 SUSE bug 779488 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error. Moderate CVE-2012-4405 SUSE bug 726092 SUSE bug 774185 SUSE bug 779700 SUSE bug 939342 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. Important CVE-2012-4411 SUSE bug 779212 SUSE bug 786516 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Moderate CVE-2012-4412 SUSE bug 779320 SUSE bug 848783 SUSE bug 882910 SUSE bug 920169 SUSE bug 920338 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. Moderate CVE-2012-4416 SUSE bug 779714 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 openslp: SLPIntersectStringList()' Function has a DoS vulnerability Important CVE-2012-4428 SUSE bug 778508 SUSE bug 979093 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format. Moderate CVE-2012-4447 SUSE bug 781995 SUSE bug 791607 SUSE bug 854393 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl. Moderate CVE-2012-4461 SUSE bug 787821 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504. Moderate CVE-2012-4505 SUSE bug 784523 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. Moderate CVE-2012-4508 SUSE bug 784192 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." Critical CVE-2012-4512 SUSE bug 787520 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. Moderate CVE-2012-4513 SUSE bug 787520 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. Important CVE-2012-4515 SUSE bug 787520 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path. Moderate CVE-2012-4522 SUSE bug 791199 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. Moderate CVE-2012-4530 SUSE bug 786013 SUSE bug 841063 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline." Moderate CVE-2012-4535 SUSE bug 779212 SUSE bug 786516 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read. Moderate CVE-2012-4536 SUSE bug 779212 SUSE bug 786516 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." Moderate CVE-2012-4537 SUSE bug 779212 SUSE bug 786516 SUSE bug 786517 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. Moderate CVE-2012-4538 SUSE bug 779212 SUSE bug 786516 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability." Moderate CVE-2012-4539 SUSE bug 779212 SUSE bug 786516 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one. Moderate CVE-2012-4540 SUSE bug 787846 SUSE bug 840572 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. Moderate CVE-2012-4544 SUSE bug 779212 SUSE bug 786516 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities. Moderate CVE-2012-4562 SUSE bug 789827 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. Moderate CVE-2012-4564 SUSE bug 781995 SUSE bug 787892 SUSE bug 791607 SUSE bug 854393 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. Moderate CVE-2012-4565 SUSE bug 787576 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class. Important CVE-2012-4681 SUSE bug 777499 SUSE bug 778629 SUSE bug 780897 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 798324 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. Moderate CVE-2012-4929 SUSE bug 1011293 SUSE bug 779952 SUSE bug 793420 SUSE bug 803004 SUSE bug 847895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Moderate CVE-2012-5067 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Important CVE-2012-5068 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. Important CVE-2012-5069 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. Moderate CVE-2012-5070 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. Important CVE-2012-5071 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security. Moderate CVE-2012-5072 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079. Moderate CVE-2012-5073 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS. Important CVE-2012-5074 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. Moderate CVE-2012-5075 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS. Critical CVE-2012-5076 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. Low CVE-2012-5077 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5080. Critical CVE-2012-5078 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073. Moderate CVE-2012-5079 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5078. Important CVE-2012-5080 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. Moderate CVE-2012-5081 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors. Moderate CVE-2012-5082 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Critical CVE-2012-5083 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. Important CVE-2012-5084 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE. Low CVE-2012-5085 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. Critical CVE-2012-5086 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. Critical CVE-2012-5087 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Critical CVE-2012-5088 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143. Important CVE-2012-5089 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. Moderate CVE-2012-5134 SUSE bug 1123919 SUSE bug 791234 SUSE bug 793334 SUSE bug 795039 SUSE bug 804033 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. Moderate CVE-2012-5166 SUSE bug 784602 SUSE bug 792926 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Important CVE-2012-5248 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5249 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5250 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5251 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. Critical CVE-2012-5252 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5253 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5254 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5255 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. Critical CVE-2012-5256 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5257 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. Critical CVE-2012-5258 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5259 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5260 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. Critical CVE-2012-5261 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5262 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. Critical CVE-2012-5263 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5264 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5265 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Critical CVE-2012-5266 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. Critical CVE-2012-5267 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. Critical CVE-2012-5268 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. Critical CVE-2012-5269 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. Critical CVE-2012-5270 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. Critical CVE-2012-5271 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. Critical CVE-2012-5272 SUSE bug 784168 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280. Moderate CVE-2012-5274 SUSE bug 788450 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280. Critical CVE-2012-5275 SUSE bug 788450 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280. Critical CVE-2012-5276 SUSE bug 788450 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280. Critical CVE-2012-5277 SUSE bug 788450 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. Critical CVE-2012-5278 SUSE bug 788450 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Critical CVE-2012-5279 SUSE bug 788450 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277. Critical CVE-2012-5280 SUSE bug 788450 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters. Important CVE-2012-5468 SUSE bug 792939 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors. Moderate CVE-2012-5510 SUSE bug 789945 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. Moderate CVE-2012-5511 SUSE bug 789944 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. Moderate CVE-2012-5512 SUSE bug 789940 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range. Important CVE-2012-5513 SUSE bug 789951 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors. Moderate CVE-2012-5514 SUSE bug 789948 SUSE bug 789988 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value. Moderate CVE-2012-5515 SUSE bug 789950 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. Moderate CVE-2012-5517 SUSE bug 789235 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. Important CVE-2012-5519 SUSE bug 1180148 SUSE bug 789566 SUSE bug 882905 SUSE bug 924208 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file. Moderate CVE-2012-5576 SUSE bug 791372 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image. Moderate CVE-2012-5581 SUSE bug 791607 SUSE bug 854393 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6052. Reason: This candidate is a reservation duplicate of CVE-2012-6052. Notes: All CVE users should reference CVE-2012-6052 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5592 SUSE bug 792005 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6053. Reason: This candidate is a reservation duplicate of CVE-2012-6053. Notes: All CVE users should reference CVE-2012-6053 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5593 SUSE bug 792005 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6054. Reason: This candidate is a reservation duplicate of CVE-2012-6054. Notes: All CVE users should reference CVE-2012-6054 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5594 SUSE bug 792005 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6056. Reason: This candidate is a reservation duplicate of CVE-2012-6056. Notes: All CVE users should reference CVE-2012-6056 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5595 SUSE bug 792005 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6057. Reason: This candidate is a reservation duplicate of CVE-2012-6057. Notes: All CVE users should reference CVE-2012-6057 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5596 SUSE bug 792005 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6059. Reason: This candidate is a reservation duplicate of CVE-2012-6059. Notes: All CVE users should reference CVE-2012-6059 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5597 SUSE bug 792005 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6060. Reason: This candidate is a reservation duplicate of CVE-2012-6060. Notes: All CVE users should reference CVE-2012-6060 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5598 SUSE bug 792005 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6061. Reason: This candidate is a reservation duplicate of CVE-2012-6061. Notes: All CVE users should reference CVE-2012-6061 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5599 SUSE bug 792005 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6062. Reason: This candidate is a reservation duplicate of CVE-2012-6062. Notes: All CVE users should reference CVE-2012-6062 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5600 SUSE bug 792005 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6055. Reason: This candidate is a reservation duplicate of CVE-2012-6055. Notes: All CVE users should reference CVE-2012-6055 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5601 SUSE bug 792005 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6058. Reason: This candidate is a reservation duplicate of CVE-2012-6058. Notes: All CVE users should reference CVE-2012-6058 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5602 SUSE bug 792005 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. Moderate CVE-2012-5611 SUSE bug 792362 SUSE bug 792444 SUSE bug 798753 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands. Moderate CVE-2012-5612 SUSE bug 792443 SUSE bug 798753 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue. Moderate CVE-2012-5613 SUSE bug 792442 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. Moderate CVE-2012-5615 SUSE bug 792440 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt. Moderate CVE-2012-5634 SUSE bug 794316 SUSE bug 800275 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. Moderate CVE-2012-5656 SUSE bug 794958 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function. Moderate CVE-2012-5668 SUSE bug 795826 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. Moderate CVE-2012-5669 SUSE bug 795826 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Important CVE-2012-5676 SUSE bug 794062 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-5677 SUSE bug 794062 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Critical CVE-2012-5678 SUSE bug 794062 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2012-5829 SUSE bug 790140 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. Moderate CVE-2012-5830 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter. Critical CVE-2012-5833 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data. Critical CVE-2012-5835 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Critical CVE-2012-5836 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. Moderate CVE-2012-5837 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions. Critical CVE-2012-5838 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-5839 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214. Critical CVE-2012-5840 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. Moderate CVE-2012-5841 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2012-5842 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2012-5843 SUSE bug 790140 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. Moderate CVE-2012-6075 SUSE bug 797523 SUSE bug 800275 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts. Low CVE-2012-6076 SUSE bug 796306 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet. Moderate CVE-2012-6085 SUSE bug 798465 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. Moderate CVE-2012-6139 SUSE bug 811686 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake. Low CVE-2012-6150 SUSE bug 844720 SUSE bug 853347 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. Important CVE-2012-6152 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. Moderate CVE-2012-6548 SUSE bug 809902 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. Moderate CVE-2012-6549 SUSE bug 809903 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. Moderate CVE-2012-6656 SUSE bug 894556 SUSE bug 903057 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response. Important CVE-2012-6698 SUSE bug 955762 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response. Important CVE-2012-6699 SUSE bug 955762 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response. Important CVE-2012-6700 SUSE bug 955762 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests. Moderate CVE-2013-0153 SUSE bug 800275 SUSE bug 800802 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. Low CVE-2013-0160 SUSE bug 797175 SUSE bug 841063 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. Moderate CVE-2013-0166 SUSE bug 802648 SUSE bug 802746 SUSE bug 813366 SUSE bug 821818 SUSE bug 833408 SUSE bug 905106 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. Moderate CVE-2013-0169 SUSE bug 1070148 SUSE bug 1103036 SUSE bug 1103597 SUSE bug 802184 SUSE bug 802648 SUSE bug 802746 SUSE bug 803379 SUSE bug 804654 SUSE bug 809839 SUSE bug 813366 SUSE bug 813939 SUSE bug 821818 SUSE bug 905106 SUSE bug 977584 SUSE bug 977616 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. Moderate CVE-2013-0170 SUSE bug 800976 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722. Low CVE-2013-0200 SUSE bug 808355 SUSE bug 836937 SUSE bug 852368 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. Moderate CVE-2013-0213 SUSE bug 799641 SUSE bug 800982 SUSE bug 880220 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. Moderate CVE-2013-0214 SUSE bug 799641 SUSE bug 880220 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. Moderate CVE-2013-0216 SUSE bug 800280 SUSE bug 800801 SUSE bug 801178 SUSE bug 841063 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function. Moderate CVE-2013-0221 SUSE bug 798538 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function. Moderate CVE-2013-0222 SUSE bug 796243 SUSE bug 798538 SUSE bug 798541 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function. Moderate CVE-2013-0223 SUSE bug 798538 SUSE bug 798541 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. Moderate CVE-2013-0231 SUSE bug 801178 SUSE bug 841063 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. Moderate CVE-2013-0242 SUSE bug 801246 SUSE bug 848783 SUSE bug 882910 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. Moderate CVE-2013-0254 SUSE bug 802634 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. Moderate CVE-2013-0255 SUSE bug 802679 SUSE bug 803057 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. Moderate CVE-2013-0268 SUSE bug 802642 SUSE bug 841063 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. Moderate CVE-2013-0271 SUSE bug 804742 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. Moderate CVE-2013-0272 SUSE bug 804742 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-0273 SUSE bug 804742 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. Moderate CVE-2013-0274 SUSE bug 804742 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. Moderate CVE-2013-0311 SUSE bug 804656 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. Moderate CVE-2013-0338 SUSE bug 1123919 SUSE bug 805233 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE. Moderate CVE-2013-0339 SUSE bug 805233 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. Moderate CVE-2013-0349 SUSE bug 805227 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions. Critical CVE-2013-0401 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. Moderate CVE-2013-0424 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. Important CVE-2013-0425 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. Important CVE-2013-0426 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. Important CVE-2013-0427 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. Important CVE-2013-0428 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. Important CVE-2013-0429 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." Important CVE-2013-0432 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. Important CVE-2013-0433 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. Important CVE-2013-0434 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." Important CVE-2013-0435 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. Important CVE-2013-0440 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." Important CVE-2013-0441 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. Important CVE-2013-0442 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. Important CVE-2013-0443 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. Important CVE-2013-0450 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows attackers to execute arbitrary code via unspecified vectors. Important CVE-2013-0504 SUSE bug 806415 SUSE bug 867808 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623. Critical CVE-2013-0601 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors. Critical CVE-2013-0602 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0604. Critical CVE-2013-0603 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0603. Critical CVE-2013-0604 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623. Critical CVE-2013-0605 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621. Critical CVE-2013-0606 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0608, CVE-2013-0611, CVE-2013-0614, and CVE-2013-0618. Critical CVE-2013-0607 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0611, CVE-2013-0614, and CVE-2013-0618. Critical CVE-2013-0608 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0613. Critical CVE-2013-0609 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0626. Critical CVE-2013-0610 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0614, and CVE-2013-0618. Critical CVE-2013-0611 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621. Critical CVE-2013-0612 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0609. Critical CVE-2013-0613 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0618. Critical CVE-2013-0614 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0617, and CVE-2013-0621. Critical CVE-2013-0615 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623. Critical CVE-2013-0616 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, and CVE-2013-0621. Critical CVE-2013-0617 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0614. Critical CVE-2013-0618 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0620, and CVE-2013-0623. Critical CVE-2013-0619 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, and CVE-2013-0623. Critical CVE-2013-0620 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, and CVE-2013-0617. Critical CVE-2013-0621 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0624. Critical CVE-2013-0622 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, and CVE-2013-0620. Critical CVE-2013-0623 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0622. Critical CVE-2013-0624 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0610. Critical CVE-2013-0626 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows local users to gain privileges via unknown vectors. Critical CVE-2013-0627 SUSE bug 797529 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors. Critical CVE-2013-0630 SUSE bug 797442 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. Important CVE-2013-0633 SUSE bug 802809 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013. Important CVE-2013-0634 SUSE bug 802809 SUSE bug 933288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors. Important CVE-2013-0637 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0647. Important CVE-2013-0638 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors. Critical CVE-2013-0639 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013. Moderate CVE-2013-0640 SUSE bug 803939 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013. Critical CVE-2013-0641 SUSE bug 803939 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. Critical CVE-2013-0642 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. Important CVE-2013-0643 SUSE bug 806415 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0649 and CVE-2013-1374. Critical CVE-2013-0644 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. Critical CVE-2013-0645 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. Important CVE-2013-0646 SUSE bug 808973 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0638. Critical CVE-2013-0647 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. Critical CVE-2013-0648 SUSE bug 806415 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-1374. Critical CVE-2013-0649 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. Critical CVE-2013-0650 SUSE bug 808973 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none. Moderate CVE-2013-0743 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups. Critical CVE-2013-0744 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects. Critical CVE-2013-0745 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection. Critical CVE-2013-0746 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event. Moderate CVE-2013-0747 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object. Moderate CVE-2013-0748 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-0749 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow. Critical CVE-2013-0750 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. Moderate CVE-2013-0751 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content. Critical CVE-2013-0752 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content. Critical CVE-2013-0753 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects. Critical CVE-2013-0754 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer. Critical CVE-2013-0755 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection. Critical CVE-2013-0756 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document. Critical CVE-2013-0757 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements. Critical CVE-2013-0758 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. Moderate CVE-2013-0759 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. Critical CVE-2013-0760 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-0761 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-0762 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas. Critical CVE-2013-0763 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data. Important CVE-2013-0764 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. Critical CVE-2013-0765 SUSE bug 804248 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-0766 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. Critical CVE-2013-0767 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values. Critical CVE-2013-0768 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-0769 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-0770 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. Critical CVE-2013-0771 SUSE bug 796895 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. Moderate CVE-2013-0772 SUSE bug 804248 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. Moderate CVE-2013-0773 SUSE bug 804248 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors. Critical CVE-2013-0774 SUSE bug 804248 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. Critical CVE-2013-0775 SUSE bug 804248 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. Moderate CVE-2013-0776 SUSE bug 804248 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. Critical CVE-2013-0780 SUSE bug 804248 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2013-0782 SUSE bug 804248 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-0783 SUSE bug 804248 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. Critical CVE-2013-0787 SUSE bug 808243 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2013-0788 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors. Critical CVE-2013-0789 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in. Critical CVE-2013-0790 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. Moderate CVE-2013-0791 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. Moderate CVE-2013-0792 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. Moderate CVE-2013-0793 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. Moderate CVE-2013-0794 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. Critical CVE-2013-0795 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. Critical CVE-2013-0796 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory. Moderate CVE-2013-0797 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used. Moderate CVE-2013-0798 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted arguments. Important CVE-2013-0799 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. Important CVE-2013-0800 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. Moderate CVE-2013-0809 SUSE bug 806786 SUSE bug 807487 SUSE bug 809386 SUSE bug 813939 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. Important CVE-2013-0871 SUSE bug 804154 SUSE bug 804227 SUSE bug 841063 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition. Moderate CVE-2013-0913 SUSE bug 808829 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. Low CVE-2013-0914 SUSE bug 808827 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. Important CVE-2013-1059 SUSE bug 826350 SUSE bug 882913 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. Critical CVE-2013-1365 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. Critical CVE-2013-1366 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. Critical CVE-2013-1367 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. Critical CVE-2013-1368 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. Critical CVE-2013-1369 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1372, and CVE-2013-1373. Critical CVE-2013-1370 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Critical CVE-2013-1371 SUSE bug 808973 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1373. Critical CVE-2013-1372 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372. Critical CVE-2013-1373 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-0649. Critical CVE-2013-1374 SUSE bug 803485 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. Critical CVE-2013-1375 SUSE bug 808973 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1380. Moderate CVE-2013-1378 SUSE bug 814635 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Critical CVE-2013-1379 SUSE bug 814635 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1378. Critical CVE-2013-1380 SUSE bug 814635 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. Moderate CVE-2013-1415 SUSE bug 806715 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. Moderate CVE-2013-1418 SUSE bug 849240 SUSE bug 866059 SUSE bug 879587 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors. Moderate CVE-2013-1432 SUSE bug 823011 SUSE bug 826882 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. Moderate CVE-2013-1442 SUSE bug 839596 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. Important CVE-2013-1475 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." Important CVE-2013-1476 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. Important CVE-2013-1478 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. Important CVE-2013-1480 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Important CVE-2013-1486 SUSE bug 798535 SUSE bug 803379 SUSE bug 804654 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013. Critical CVE-2013-1488 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. Moderate CVE-2013-1493 SUSE bug 806786 SUSE bug 807487 SUSE bug 809386 SUSE bug 813939 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory. Important CVE-2013-1500 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions." Moderate CVE-2013-1518 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code. Critical CVE-2013-1537 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method. Critical CVE-2013-1557 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2. Important CVE-2013-1569 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. Moderate CVE-2013-1571 SUSE bug 824397 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1572 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1573 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1574 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1575 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1576 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1577 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet. Moderate CVE-2013-1578 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1579 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1580 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet. Moderate CVE-2013-1581 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet. Moderate CVE-2013-1582 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1583 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1584 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1585 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1586 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1587 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1588 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1589 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1590 SUSE bug 801131 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop. Moderate CVE-2013-1591 SUSE bug 815064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. Moderate CVE-2013-1619 SUSE bug 802184 SUSE bug 802651 SUSE bug 957568 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product. Moderate CVE-2013-1633 SUSE bug 843759 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request. Moderate CVE-2013-1640 SUSE bug 809839 SUSE bug 880224 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors. Moderate CVE-2013-1652 SUSE bug 809839 SUSE bug 880224 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request. Moderate CVE-2013-1653 SUSE bug 809839 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors. Moderate CVE-2013-1654 SUSE bug 809839 SUSE bug 880224 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." Important CVE-2013-1655 SUSE bug 809839 SUSE bug 880224 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. Moderate CVE-2013-1667 SUSE bug 804415 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-1682 SUSE bug 825935 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. Critical CVE-2013-1684 SUSE bug 825935 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. Critical CVE-2013-1685 SUSE bug 825935 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-1686 SUSE bug 825935 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site. Critical CVE-2013-1687 SUSE bug 825935 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. Critical CVE-2013-1690 SUSE bug 825935 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site. Moderate CVE-2013-1692 SUSE bug 825935 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code. Moderate CVE-2013-1693 SUSE bug 825935 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. Moderate CVE-2013-1697 SUSE bug 825935 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-1701 SUSE bug 833389 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-1702 SUSE bug 833389 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. Critical CVE-2013-1705 SUSE bug 833389 SUSE bug 840485 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line. Important CVE-2013-1706 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service. Important CVE-2013-1707 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document. Moderate CVE-2013-1709 SUSE bug 833389 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. Critical CVE-2013-1710 SUSE bug 833389 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory. Moderate CVE-2013-1712 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. Moderate CVE-2013-1713 SUSE bug 833389 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. Moderate CVE-2013-1714 SUSE bug 833389 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. Moderate CVE-2013-1717 SUSE bug 833389 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-1718 SUSE bug 840485 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. Critical CVE-2013-1722 SUSE bug 840485 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. Important CVE-2013-1725 SUSE bug 840485 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. Moderate CVE-2013-1726 SUSE bug 840485 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. Important CVE-2013-1730 SUSE bug 840485 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. Critical CVE-2013-1732 SUSE bug 840485 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. Critical CVE-2013-1735 SUSE bug 840485 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. Critical CVE-2013-1736 SUSE bug 840485 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. Moderate CVE-2013-1737 SUSE bug 840485 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Moderate CVE-2013-1739 SUSE bug 842979 SUSE bug 847708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Moderate CVE-2013-1741 SUSE bug 850148 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions. Moderate CVE-2013-1752 SUSE bug 856835 SUSE bug 856836 SUSE bug 863741 SUSE bug 885882 SUSE bug 898572 SUSE bug 912739 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. Moderate CVE-2013-1753 SUSE bug 856835 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. Moderate CVE-2013-1767 SUSE bug 806138 SUSE bug 807436 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message. Moderate CVE-2013-1769 SUSE bug 807449 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call. Moderate CVE-2013-1772 SUSE bug 806238 SUSE bug 807441 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. Moderate CVE-2013-1774 SUSE bug 806976 SUSE bug 807455 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. Moderate CVE-2013-1775 SUSE bug 806919 SUSE bug 806921 SUSE bug 815325 SUSE bug 845568 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. Low CVE-2013-1776 SUSE bug 806921 SUSE bug 817349 SUSE bug 817350 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. Moderate CVE-2013-1788 SUSE bug 806793 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. Moderate CVE-2013-1789 SUSE bug 806793 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. Moderate CVE-2013-1790 SUSE bug 806793 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. Moderate CVE-2013-1792 SUSE bug 807428 SUSE bug 808358 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. Moderate CVE-2013-1796 SUSE bug 806980 SUSE bug 819789 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. Important CVE-2013-1797 SUSE bug 806980 SUSE bug 819789 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. Important CVE-2013-1798 SUSE bug 806980 SUSE bug 819789 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. Moderate CVE-2013-1819 SUSE bug 807471 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. Moderate CVE-2013-1821 SUSE bug 808137 SUSE bug 876588 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call. Moderate CVE-2013-1828 SUSE bug 808351 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. Moderate CVE-2013-1848 SUSE bug 809155 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. Moderate CVE-2013-1860 SUSE bug 806431 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. Moderate CVE-2013-1861 SUSE bug 809544 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack." Moderate CVE-2013-1864 SUSE bug 809917 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796. Important CVE-2013-1872 SUSE bug 828007 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Moderate CVE-2013-1881 SUSE bug 840753 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen). Important CVE-2013-1899 SUSE bug 812525 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions." Important CVE-2013-1900 SUSE bug 812525 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. Important CVE-2013-1901 SUSE bug 812525 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump. Moderate CVE-2013-1913 SUSE bug 853423 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. Moderate CVE-2013-1914 SUSE bug 813121 SUSE bug 826666 SUSE bug 882910 SUSE bug 941444 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. Moderate CVE-2013-1917 SUSE bug 813673 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal." Moderate CVE-2013-1918 SUSE bug 813673 SUSE bug 816159 SUSE bug 823011 SUSE bug 826882 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices." Moderate CVE-2013-1919 SUSE bug 813673 SUSE bug 813675 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. Moderate CVE-2013-1920 SUSE bug 813673 SUSE bug 813677 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004. Moderate CVE-2013-1922 SUSE bug 814059 SUSE bug 934753 SUSE bug 934768 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks. Moderate CVE-2013-1923 SUSE bug 813464 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet. Moderate CVE-2013-1926 SUSE bug 815596 SUSE bug 818768 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." Moderate CVE-2013-1927 SUSE bug 815596 SUSE bug 818768 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. Moderate CVE-2013-1929 SUSE bug 813733 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. Low CVE-2013-1940 SUSE bug 814653 SUSE bug 815870 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. Important CVE-2013-1944 SUSE bug 814655 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ruby193 uses an insecure LD_LIBRARY_PATH setting. Low CVE-2013-1945 SUSE bug 1160788 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. Moderate CVE-2013-1952 SUSE bug 813673 SUSE bug 816163 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. Moderate CVE-2013-1960 SUSE bug 817573 SUSE bug 854393 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. Moderate CVE-2013-1961 SUSE bug 817573 SUSE bug 818117 SUSE bug 854393 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. Moderate CVE-2013-1964 SUSE bug 813673 SUSE bug 813675 SUSE bug 816156 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries. Moderate CVE-2013-1978 SUSE bug 853425 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. Moderate CVE-2013-1979 SUSE bug 816708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions. Moderate CVE-2013-1981 SUSE bug 815451 SUSE bug 821664 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions. Moderate CVE-2013-1982 SUSE bug 815451 SUSE bug 821665 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. Moderate CVE-2013-1983 SUSE bug 815451 SUSE bug 821667 SUSE bug 880221 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions. Moderate CVE-2013-1984 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. Moderate CVE-2013-1985 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. Moderate CVE-2013-1986 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions. Moderate CVE-2013-1987 SUSE bug 815451 SUSE bug 821669 SUSE bug 880221 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions. Moderate CVE-2013-1988 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function. Moderate CVE-2013-1989 SUSE bug 815451 SUSE bug 821671 SUSE bug 880221 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions. Moderate CVE-2013-1990 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions. Moderate CVE-2013-1991 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions. Moderate CVE-2013-1992 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions. Moderate CVE-2013-1993 SUSE bug 815451 SUSE bug 821855 SUSE bug 880221 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function. Moderate CVE-2013-1995 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function. Moderate CVE-2013-1996 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions. Moderate CVE-2013-1997 SUSE bug 815451 SUSE bug 821664 SUSE bug 824294 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions. Moderate CVE-2013-1998 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function. Moderate CVE-2013-1999 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions. Moderate CVE-2013-2000 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function. Moderate CVE-2013-2001 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function. Moderate CVE-2013-2002 SUSE bug 815451 SUSE bug 821670 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function. Moderate CVE-2013-2003 SUSE bug 1065386 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file. Low CVE-2013-2004 SUSE bug 815451 SUSE bug 821664 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions. Moderate CVE-2013-2005 SUSE bug 815451 SUSE bug 821670 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. Moderate CVE-2013-2007 SUSE bug 818181 SUSE bug 818182 SUSE bug 818183 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. Moderate CVE-2013-2016 SUSE bug 817593 SUSE bug 871442 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read. Moderate CVE-2013-2020 SUSE bug 816865 SUSE bug 899395 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. Moderate CVE-2013-2021 SUSE bug 816865 SUSE bug 899395 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. Moderate CVE-2013-2061 SUSE bug 843509 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions. Moderate CVE-2013-2062 SUSE bug 815451 SUSE bug 821668 SUSE bug 880221 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. Moderate CVE-2013-2063 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. Moderate CVE-2013-2064 SUSE bug 815451 SUSE bug 821584 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function. Moderate CVE-2013-2066 SUSE bug 815451 SUSE bug 821671 SUSE bug 880221 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap. Moderate CVE-2013-2072 SUSE bug 813673 SUSE bug 819416 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. Moderate CVE-2013-2076 SUSE bug 813673 SUSE bug 820917 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors. Moderate CVE-2013-2077 SUSE bug 813673 SUSE bug 820919 SUSE bug 823011 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. Important CVE-2013-2078 SUSE bug 813673 SUSE bug 820920 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. Important CVE-2013-2094 SUSE bug 819789 SUSE bug 820202 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. Moderate CVE-2013-2116 SUSE bug 821818 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. Moderate CVE-2013-2146 SUSE bug 825006 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. Moderate CVE-2013-2148 SUSE bug 823517 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. Moderate CVE-2013-2164 SUSE bug 824295 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. Moderate CVE-2013-2174 SUSE bug 824517 SUSE bug 917692 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file. Moderate CVE-2013-2189 SUSE bug 831904 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. Moderate CVE-2013-2194 SUSE bug 823011 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations. Moderate CVE-2013-2195 SUSE bug 823011 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195. Moderate CVE-2013-2196 SUSE bug 823011 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. Important CVE-2013-2206 SUSE bug 781018 SUSE bug 826102 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. Moderate CVE-2013-2207 SUSE bug 830257 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors. Moderate CVE-2013-2211 SUSE bug 823608 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. Moderate CVE-2013-2212 SUSE bug 826718 SUSE bug 831120 SUSE bug 846849 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. Important CVE-2013-2232 SUSE bug 827750 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. Low CVE-2013-2234 SUSE bug 827749 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. Moderate CVE-2013-2237 SUSE bug 828119 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. Moderate CVE-2013-2266 SUSE bug 811876 SUSE bug 811934 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report. Important CVE-2013-2274 SUSE bug 809839 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors. Moderate CVE-2013-2275 SUSE bug 809839 SUSE bug 880224 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2. Critical CVE-2013-2383 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2. Critical CVE-2013-2384 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader." Moderate CVE-2013-2407 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box. Moderate CVE-2013-2412 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions. Low CVE-2013-2415 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue. Moderate CVE-2013-2417 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2. Moderate CVE-2013-2419 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets. Critical CVE-2013-2420 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect MethodHandle lookups, which allows remote attackers to bypass Java sandbox restrictions. Critical CVE-2013-2421 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox. Moderate CVE-2013-2422 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator. Moderate CVE-2013-2424 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. Important CVE-2013-2425 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect invocation of the defaultReadObject method in the ConcurrentHashMap class, which allows remote attackers to bypass the Java sandbox. Critical CVE-2013-2426 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption. Important CVE-2013-2429 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code. Important CVE-2013-2430 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames." Critical CVE-2013-2431 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class. Moderate CVE-2013-2443 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files. Moderate CVE-2013-2444 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors." Moderate CVE-2013-2445 SUSE bug 825624 SUSE bug 828665 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams. Moderate CVE-2013-2446 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost. Moderate CVE-2013-2447 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes." Moderate CVE-2013-2448 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path. Moderate CVE-2013-2449 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass. Moderate CVE-2013-2450 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use. Low CVE-2013-2451 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class. Moderate CVE-2013-2452 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector. Moderate CVE-2013-2453 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox. Moderate CVE-2013-2454 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods. Moderate CVE-2013-2455 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class. Moderate CVE-2013-2456 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions. Moderate CVE-2013-2457 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via "an error related to method handles." Moderate CVE-2013-2458 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks." Critical CVE-2013-2459 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component. Critical CVE-2013-2460 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm." Moderate CVE-2013-2461 SUSE bug 825624 SUSE bug 828665 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D. Critical CVE-2013-2463 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. Critical CVE-2013-2465 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D. Critical CVE-2013-2469 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing." Critical CVE-2013-2470 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks." Critical CVE-2013-2471 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D. Critical CVE-2013-2472 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D. Critical CVE-2013-2473 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-2475 SUSE bug 807942 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short. Moderate CVE-2013-2476 SUSE bug 807942 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-2477 SUSE bug 807942 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string. Moderate CVE-2013-2478 SUSE bug 807942 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data. Moderate CVE-2013-2479 SUSE bug 807942 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-2480 SUSE bug 807942 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. Moderate CVE-2013-2481 SUSE bug 807942 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-2482 SUSE bug 807942 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data. Moderate CVE-2013-2483 SUSE bug 807942 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-2484 SUSE bug 807942 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-2485 SUSE bug 807942 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. Moderate CVE-2013-2486 SUSE bug 807942 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486. Moderate CVE-2013-2487 SUSE bug 807942 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location. Moderate CVE-2013-2488 SUSE bug 807942 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013. Moderate CVE-2013-2549 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013. Moderate CVE-2013-2550 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. Moderate CVE-2013-2555 SUSE bug 814635 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. Moderate CVE-2013-2634 SUSE bug 810473 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. Moderate CVE-2013-2635 SUSE bug 810473 SUSE bug 871595 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2718 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2719 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2720 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2721 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2722 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2723 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors. Critical CVE-2013-2724 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2725 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2726 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2729. Critical CVE-2013-2727 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. Moderate CVE-2013-2728 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727. Critical CVE-2013-2729 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733. Critical CVE-2013-2730 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2731 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2732 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2730. Critical CVE-2013-2733 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2734 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2735 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-2736 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to obtain sensitive information via unspecified vectors. Moderate CVE-2013-2737 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. Low CVE-2013-2776 SUSE bug 806921 SUSE bug 817349 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. Low CVE-2013-2777 SUSE bug 806921 SUSE bug 817349 SUSE bug 817350 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. Important CVE-2013-2850 SUSE bug 821560 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. Moderate CVE-2013-2851 SUSE bug 822575 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. Moderate CVE-2013-2852 SUSE bug 822579 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. Moderate CVE-2013-2877 SUSE bug 1123919 SUSE bug 828893 SUSE bug 829077 SUSE bug 854869 SUSE bug 877506 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. Moderate CVE-2013-2889 SUSE bug 835839 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. Moderate CVE-2013-2893 SUSE bug 835839 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. Moderate CVE-2013-2897 SUSE bug 835839 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. Moderate CVE-2013-2899 SUSE bug 835839 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. Moderate CVE-2013-2929 SUSE bug 824295 SUSE bug 847652 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. Moderate CVE-2013-2930 SUSE bug 849362 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature. Moderate CVE-2013-2944 SUSE bug 815236 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. Low CVE-2013-3076 SUSE bug 816668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. Low CVE-2013-3222 SUSE bug 816668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. Low CVE-2013-3223 SUSE bug 816668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. Low CVE-2013-3224 SUSE bug 816668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. Low CVE-2013-3225 SUSE bug 816668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. Low CVE-2013-3227 SUSE bug 816668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. Low CVE-2013-3228 SUSE bug 816668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. Low CVE-2013-3229 SUSE bug 816668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. Low CVE-2013-3231 SUSE bug 816668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. Low CVE-2013-3232 SUSE bug 816668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. Low CVE-2013-3234 SUSE bug 816668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. Low CVE-2013-3235 SUSE bug 816668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. Moderate CVE-2013-3301 SUSE bug 815256 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. Critical CVE-2013-3324 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. Critical CVE-2013-3325 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. Critical CVE-2013-3326 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. Critical CVE-2013-3327 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. Critical CVE-2013-3328 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. Critical CVE-2013-3329 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. Critical CVE-2013-3330 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. Critical CVE-2013-3331 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. Critical CVE-2013-3332 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3334, and CVE-2013-3335. Critical CVE-2013-3333 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335. Critical CVE-2013-3334 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334. Critical CVE-2013-3335 SUSE bug 819916 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-3337 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-3338 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3340, and CVE-2013-3341. Critical CVE-2013-3339 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3341. Critical CVE-2013-3340 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3340. Critical CVE-2013-3341 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors. Critical CVE-2013-3342 SUSE bug 819918 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Moderate CVE-2013-3343 SUSE bug 824512 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2013-3344 SUSE bug 828810 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Critical CVE-2013-3345 SUSE bug 828810 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling. Critical CVE-2013-3347 SUSE bug 828810 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3362, CVE-2013-3363, and CVE-2013-5324. Critical CVE-2013-3361 SUSE bug 839897 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3363, and CVE-2013-5324. Critical CVE-2013-3362 SUSE bug 839897 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-5324. Critical CVE-2013-3363 SUSE bug 839897 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-3555 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-3556 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-3557 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-3558 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. Moderate CVE-2013-3559 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-3560 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. Moderate CVE-2013-3561 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-3562 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. Critical CVE-2013-3567 SUSE bug 1040151 SUSE bug 825878 SUSE bug 880224 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP4 socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions. Moderate CVE-2013-3571 SUSE bug 821985 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key. Important CVE-2013-3704 SUSE bug 828672 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP4 evince is missing a check on number of pages which can lead to a segmentation fault Moderate CVE-2013-3718 SUSE bug 970030 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. Moderate CVE-2013-3783 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. Moderate CVE-2013-3793 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition. Moderate CVE-2013-3794 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. Moderate CVE-2013-3795 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Moderate CVE-2013-3796 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached. Moderate CVE-2013-3798 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. Moderate CVE-2013-3801 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Moderate CVE-2013-3802 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Moderate CVE-2013-3804 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements. Moderate CVE-2013-3805 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811. Moderate CVE-2013-3806 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges. Moderate CVE-2013-3807 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. Moderate CVE-2013-3808 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log. Moderate CVE-2013-3809 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions. Moderate CVE-2013-3810 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806. Moderate CVE-2013-3811 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. Moderate CVE-2013-3812 SUSE bug 830086 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. Moderate CVE-2013-3829 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. Important CVE-2013-4002 SUSE bug 829212 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Moderate CVE-2013-4073 SUSE bug 827265 SUSE bug 834601 SUSE bug 839107 SUSE bug 876588 SUSE bug 880222 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4074 SUSE bug 824900 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4075 SUSE bug 824900 SUSE bug 836146 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4076 SUSE bug 824900 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. Moderate CVE-2013-4077 SUSE bug 824900 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4078 SUSE bug 824900 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. Moderate CVE-2013-4079 SUSE bug 824900 SUSE bug 836146 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. Moderate CVE-2013-4080 SUSE bug 824900 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. Moderate CVE-2013-4081 SUSE bug 824900 SUSE bug 836116 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. Moderate CVE-2013-4082 SUSE bug 824900 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4083 SUSE bug 824900 SUSE bug 831718 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. Moderate CVE-2013-4118 SUSE bug 829013 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished. Moderate CVE-2013-4119 SUSE bug 829013 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Moderate CVE-2013-4124 SUSE bug 829969 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass. Low CVE-2013-4132 SUSE bug 829857 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 kde-workspace before 4.10.5 has a memory leak in plasma desktop Low CVE-2013-4133 SUSE bug 829857 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file. Moderate CVE-2013-4156 SUSE bug 831578 SUSE bug 893141 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. Moderate CVE-2013-4162 SUSE bug 831058 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. Moderate CVE-2013-4163 SUSE bug 831055 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. Critical CVE-2013-4164 SUSE bug 851803 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. Moderate CVE-2013-4231 SUSE bug 834477 SUSE bug 854393 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. Moderate CVE-2013-4232 SUSE bug 834477 SUSE bug 854393 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. Moderate CVE-2013-4237 SUSE bug 834594 SUSE bug 882910 SUSE bug 883022 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Moderate CVE-2013-4238 SUSE bug 834601 SUSE bug 839107 SUSE bug 882915 SUSE bug 912739 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Moderate CVE-2013-4242 SUSE bug 831359 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. Moderate CVE-2013-4243 SUSE bug 834779 SUSE bug 854393 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. Moderate CVE-2013-4244 SUSE bug 834788 SUSE bug 854393 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Orca has arbitrary code execution due to insecure Python module load Moderate CVE-2013-4245 SUSE bug 916835 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application. Moderate CVE-2013-4270 SUSE bug 836949 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. Moderate CVE-2013-4276 SUSE bug 843716 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call. Important CVE-2013-4296 SUSE bug 836931 SUSE bug 838638 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image. Moderate CVE-2013-4298 SUSE bug 844157 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. Moderate CVE-2013-4299 SUSE bug 846404 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. Moderate CVE-2013-4316 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process. Moderate CVE-2013-4325 SUSE bug 808355 SUSE bug 836931 SUSE bug 836932 SUSE bug 836937 SUSE bug 852368 SUSE bug 864716 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. Moderate CVE-2013-4329 SUSE bug 839618 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. Moderate CVE-2013-4332 SUSE bug 839870 SUSE bug 882910 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. Low CVE-2013-4342 SUSE bug 844230 SUSE bug 855685 SUSE bug 882917 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call. Moderate CVE-2013-4343 SUSE bug 1135603 SUSE bug 839965 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. Moderate CVE-2013-4344 SUSE bug 842006 SUSE bug 871442 SUSE bug 880751 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. Moderate CVE-2013-4345 SUSE bug 840226 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4540. Reason: This candidate was MERGED into CVE-2012-4540, since it was later discovered that it affected an additional version, but it does not constitute a regression error. Notes: All CVE users should reference CVE-2012-4540 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2013-4349 SUSE bug 840572 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. Low CVE-2013-4351 SUSE bug 840510 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. Moderate CVE-2013-4353 SUSE bug 857640 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. Moderate CVE-2013-4355 SUSE bug 840592 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. Moderate CVE-2013-4357 SUSE bug 844309 SUSE bug 883217 SUSE bug 903057 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. Moderate CVE-2013-4361 SUSE bug 840592 SUSE bug 841766 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. Moderate CVE-2013-4368 SUSE bug 840592 SUSE bug 842511 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration. Moderate CVE-2013-4369 SUSE bug 840592 SUSE bug 842512 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free. Low CVE-2013-4370 SUSE bug 840592 SUSE bug 842513 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors. Moderate CVE-2013-4371 SUSE bug 840592 SUSE bug 842514 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors. Low CVE-2013-4375 SUSE bug 840592 SUSE bug 842515 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. Important CVE-2013-4396 SUSE bug 843652 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. Important CVE-2013-4402 SUSE bug 844175 SUSE bug 941439 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. Important CVE-2013-4408 SUSE bug 844720 SUSE bug 848101 SUSE bug 882906 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply. Moderate CVE-2013-4416 SUSE bug 840592 SUSE bug 845520 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. Moderate CVE-2013-4449 SUSE bug 846389 SUSE bug 916897 SUSE bug 916914 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. Moderate CVE-2013-4458 SUSE bug 847227 SUSE bug 883217 SUSE bug 941444 SUSE bug 955181 SUSE bug 967023 SUSE bug 980483 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. Important CVE-2013-4470 SUSE bug 847672 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS). Moderate CVE-2013-4475 SUSE bug 848101 SUSE bug 880220 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. Moderate CVE-2013-4483 SUSE bug 848321 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. Moderate CVE-2013-4494 SUSE bug 848657 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts. Moderate CVE-2013-4496 SUSE bug 849224 SUSE bug 866844 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. Moderate CVE-2013-4511 SUSE bug 849021 SUSE bug 850263 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. Moderate CVE-2013-4514 SUSE bug 849029 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. Moderate CVE-2013-4515 SUSE bug 849034 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. Moderate CVE-2013-4527 SUSE bug 864673 SUSE bug 871442 SUSE bug 964746 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. Moderate CVE-2013-4529 SUSE bug 864678 SUSE bug 871442 SUSE bug 964929 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. Moderate CVE-2013-4530 SUSE bug 864682 SUSE bug 871442 SUSE bug 964950 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. Moderate CVE-2013-4533 SUSE bug 864655 SUSE bug 871442 SUSE bug 964644 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. Moderate CVE-2013-4534 SUSE bug 864811 SUSE bug 871442 SUSE bug 964452 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. Moderate CVE-2013-4537 SUSE bug 864391 SUSE bug 871442 SUSE bug 962642 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. Moderate CVE-2013-4538 SUSE bug 864769 SUSE bug 871442 SUSE bug 962335 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. Moderate CVE-2013-4539 SUSE bug 864805 SUSE bug 871442 SUSE bug 962758 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. Moderate CVE-2013-4540 SUSE bug 864801 SUSE bug 871442 SUSE bug 880751 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. Moderate CVE-2013-4541 SUSE bug 864802 SUSE bug 871442 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Moderate CVE-2013-4545 SUSE bug 849596 SUSE bug 870444 SUSE bug 880252 SUSE bug 882520 SUSE bug 924250 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. Moderate CVE-2013-4549 SUSE bug 1039291 SUSE bug 856832 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution." Moderate CVE-2013-4551 SUSE bug 848657 SUSE bug 849665 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). Moderate CVE-2013-4553 SUSE bug 848657 SUSE bug 849667 SUSE bug 849668 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. Moderate CVE-2013-4554 SUSE bug 848657 SUSE bug 849668 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. Moderate CVE-2013-4579 SUSE bug 851426 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. Important CVE-2013-4587 SUSE bug 853050 SUSE bug 882914 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. Moderate CVE-2013-4592 SUSE bug 851101 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master. Moderate CVE-2013-4761 SUSE bug 835122 SUSE bug 836962 SUSE bug 880224 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. Moderate CVE-2013-4788 SUSE bug 830268 SUSE bug 882910 SUSE bug 950944 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. Moderate CVE-2013-4854 SUSE bug 831899 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet. Moderate CVE-2013-4929 SUSE bug 831718 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. Moderate CVE-2013-4930 SUSE bug 831718 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector. Moderate CVE-2013-4931 SUSE bug 831718 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4932 SUSE bug 831718 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. Moderate CVE-2013-4933 SUSE bug 831718 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. Moderate CVE-2013-4934 SUSE bug 831718 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4935 SUSE bug 831718 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. Moderate CVE-2013-4969 SUSE bug 856843 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow. Moderate CVE-2013-5018 SUSE bug 833278 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. Moderate CVE-2013-5211 SUSE bug 857195 SUSE bug 889447 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363. Critical CVE-2013-5324 SUSE bug 839897 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5330. Important CVE-2013-5329 SUSE bug 850220 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5329. Important CVE-2013-5330 SUSE bug 850220 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013. Critical CVE-2013-5331 SUSE bug 854881 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Critical CVE-2013-5332 SUSE bug 854881 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. Moderate CVE-2013-5605 SUSE bug 850148 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. Moderate CVE-2013-5606 SUSE bug 850148 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. Moderate CVE-2013-5607 SUSE bug 850148 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-5609 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-5610 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. Moderate CVE-2013-5611 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. Moderate CVE-2013-5612 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. Critical CVE-2013-5613 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. Moderate CVE-2013-5614 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors. Moderate CVE-2013-5615 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners. Critical CVE-2013-5616 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection. Critical CVE-2013-5618 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. Moderate CVE-2013-5619 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune. Moderate CVE-2013-5651 SUSE bug 837999 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication. Important CVE-2013-5745 SUSE bug 843174 SUSE bug 880231 SUSE bug 880271 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat. Moderate CVE-2013-5772 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. Moderate CVE-2013-5774 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. Moderate CVE-2013-5778 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Moderate CVE-2013-5780 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Moderate CVE-2013-5782 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing. Moderate CVE-2013-5783 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING. Moderate CVE-2013-5784 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS. Moderate CVE-2013-5790 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. Low CVE-2013-5797 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS. Moderate CVE-2013-5800 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. Moderate CVE-2013-5802 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS. Important CVE-2013-5803 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc. Moderate CVE-2013-5804 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5806. Moderate CVE-2013-5805 SUSE bug 846177 SUSE bug 846999 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5805. Moderate CVE-2013-5806 SUSE bug 846177 SUSE bug 846999 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5829. Critical CVE-2013-5809 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. Critical CVE-2013-5814 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. Critical CVE-2013-5817 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS. Moderate CVE-2013-5820 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security. Moderate CVE-2013-5823 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP. Moderate CVE-2013-5825 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809. Critical CVE-2013-5829 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Critical CVE-2013-5830 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Moderate CVE-2013-5840 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850. Moderate CVE-2013-5842 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT. Moderate CVE-2013-5849 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842. Critical CVE-2013-5850 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP. Moderate CVE-2013-5851 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Moderate CVE-2013-5860 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox. Moderate CVE-2013-5878 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431. Moderate CVE-2013-5881 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures. Moderate CVE-2013-5882 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an incorrect check for code permissions by CORBA stub factories. Moderate CVE-2013-5884 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. Moderate CVE-2013-5891 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to improper handling of methods in MethodHandles in HotSpot JVM, which allows attackers to escape the sandbox. Moderate CVE-2013-5893 SUSE bug 858818 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Moderate CVE-2013-5894 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that com.sun.corba.se and its sub-packages are not included on the restricted package list. Moderate CVE-2013-5896 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file. Moderate CVE-2013-5907 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling. Low CVE-2013-5908 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays. Moderate CVE-2013-5910 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-6336 SUSE bug 848738 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-6337 SUSE bug 848738 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-6338 SUSE bug 848738 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. Moderate CVE-2013-6339 SUSE bug 848738 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-6340 SUSE bug 848738 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. Moderate CVE-2013-6367 SUSE bug 853051 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. Moderate CVE-2013-6368 SUSE bug 853052 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. Moderate CVE-2013-6376 SUSE bug 853053 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. Moderate CVE-2013-6378 SUSE bug 852559 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. Moderate CVE-2013-6380 SUSE bug 852373 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. Moderate CVE-2013-6382 SUSE bug 852553 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. Moderate CVE-2013-6383 SUSE bug 852558 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors. Moderate CVE-2013-6400 SUSE bug 853048 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. Moderate CVE-2013-6402 SUSE bug 852368 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors. Moderate CVE-2013-6412 SUSE bug 853044 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. Moderate CVE-2013-6418 SUSE bug 856323 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Moderate CVE-2013-6424 SUSE bug 853846 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Moderate CVE-2013-6425 SUSE bug 853824 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. Important CVE-2013-6435 SUSE bug 1101137 SUSE bug 906803 SUSE bug 908128 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command. Moderate CVE-2013-6436 SUSE bug 854486 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file. Low CVE-2013-6441 SUSE bug 855809 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function. Moderate CVE-2013-6456 SUSE bug 857490 SUSE bug 868943 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command. Moderate CVE-2013-6458 SUSE bug 857492 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file. Moderate CVE-2013-6462 SUSE bug 854915 SUSE bug 882908 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271. Reason: This candidate is a duplicate of CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, and CVE-2013-7271. Notes: All CVE users should reference CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, and/or CVE-2013-7271 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Low CVE-2013-6463 SUSE bug 854722 SUSE bug 857643 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. Moderate CVE-2013-6477 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip. Moderate CVE-2013-6478 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response. Moderate CVE-2013-6479 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. Moderate CVE-2013-6481 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. Moderate CVE-2013-6482 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply. Moderate CVE-2013-6483 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error. Moderate CVE-2013-6484 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data. Moderate CVE-2013-6485 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. Critical CVE-2013-6486 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow. Moderate CVE-2013-6487 SUSE bug 861019 SUSE bug 878540 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow. Moderate CVE-2013-6489 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. Moderate CVE-2013-6490 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp. Moderate CVE-2013-6493 SUSE bug 863107 SUSE bug 864364 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. Moderate CVE-2013-6497 SUSE bug 1040662 SUSE bug 906077 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. Moderate CVE-2013-6629 SUSE bug 850430 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 SUSE bug 880246 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. Critical CVE-2013-6671 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. Moderate CVE-2013-6672 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. Moderate CVE-2013-6673 SUSE bug 854370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. Moderate CVE-2013-6885 SUSE bug 849668 SUSE bug 852967 SUSE bug 853049 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. Moderate CVE-2013-6954 SUSE bug 856522 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. Moderate CVE-2013-7027 SUSE bug 854634 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Important CVE-2013-7112 SUSE bug 856498 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-7113 SUSE bug 856495 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet. Important CVE-2013-7114 SUSE bug 856496 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack. Moderate CVE-2013-7252 SUSE bug 857200 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. Moderate CVE-2013-7263 SUSE bug 853040 SUSE bug 857643 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. Moderate CVE-2013-7264 SUSE bug 853040 SUSE bug 857643 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. Moderate CVE-2013-7265 SUSE bug 853040 SUSE bug 857643 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. Moderate CVE-2013-7339 SUSE bug 869563 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. Moderate CVE-2013-7353 SUSE bug 873124 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. Moderate CVE-2013-7354 SUSE bug 873123 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. Moderate CVE-2013-7422 SUSE bug 915514 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. Moderate CVE-2013-7423 SUSE bug 915526 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. Moderate CVE-2013-7439 SUSE bug 927126 SUSE bug 927220 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. Moderate CVE-2013-7440 SUSE bug 930189 SUSE bug 930207 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. Low CVE-2013-7443 SUSE bug 938555 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. Moderate CVE-2013-7446 SUSE bug 955654 SUSE bug 955837 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string. Moderate CVE-2014-0001 SUSE bug 861493 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. Moderate CVE-2014-0015 SUSE bug 858673 SUSE bug 868627 SUSE bug 880252 SUSE bug 882520 SUSE bug 927556 SUSE bug 962983 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision. Moderate CVE-2014-0017 SUSE bug 866278 SUSE bug 866286 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP4 Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line. Low CVE-2014-0019 SUSE bug 860991 SUSE bug 927161 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. Moderate CVE-2014-0020 SUSE bug 861019 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. Moderate CVE-2014-0055 SUSE bug 870173 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command. Moderate CVE-2014-0060 SUSE bug 864845 SUSE bug 864856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions. Moderate CVE-2014-0061 SUSE bug 864846 SUSE bug 864856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window. Moderate CVE-2014-0062 SUSE bug 864847 SUSE bug 864856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065. Moderate CVE-2014-0063 SUSE bug 864850 SUSE bug 864856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector. Moderate CVE-2014-0064 SUSE bug 864851 SUSE bug 864856 SUSE bug 871307 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063. Moderate CVE-2014-0065 SUSE bug 864852 SUSE bug 864856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. Moderate CVE-2014-0066 SUSE bug 864853 SUSE bug 864856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. Moderate CVE-2014-0069 SUSE bug 864025 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. Moderate CVE-2014-0076 SUSE bug 869945 SUSE bug 880891 SUSE bug 883126 SUSE bug 885777 SUSE bug 905106 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. Moderate CVE-2014-0077 SUSE bug 870173 SUSE bug 870576 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Important CVE-2014-0092 SUSE bug 865804 SUSE bug 915878 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. Moderate CVE-2014-0101 SUSE bug 866102 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. Moderate CVE-2014-0106 SUSE bug 866503 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function. Moderate CVE-2014-0107 SUSE bug 870082 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. Moderate CVE-2014-0131 SUSE bug 824295 SUSE bug 867723 SUSE bug 869564 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. Moderate CVE-2014-0138 SUSE bug 868627 SUSE bug 880252 SUSE bug 882520 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Moderate CVE-2014-0139 SUSE bug 868629 SUSE bug 880252 SUSE bug 882520 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c. Moderate CVE-2014-0142 SUSE bug 870439 SUSE bug 871442 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes. Moderate CVE-2014-0143 SUSE bug 870439 SUSE bug 871442 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2014-0144 SUSE bug 870439 SUSE bug 871442 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c). Moderate CVE-2014-0145 SUSE bug 870439 SUSE bug 871442 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields. Moderate CVE-2014-0146 SUSE bug 870439 SUSE bug 871442 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2014-0147 SUSE bug 870439 SUSE bug 871442 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow. Moderate CVE-2014-0150 SUSE bug 873235 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. Moderate CVE-2014-0155 SUSE bug 824295 SUSE bug 872540 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request. Moderate CVE-2014-0178 SUSE bug 872396 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods. Moderate CVE-2014-0179 SUSE bug 873705 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. Moderate CVE-2014-0181 SUSE bug 875051 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. Low CVE-2014-0190 SUSE bug 875470 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. Moderate CVE-2014-0196 SUSE bug 871252 SUSE bug 875690 SUSE bug 877345 SUSE bug 879878 SUSE bug 933423 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count. Moderate CVE-2014-0205 SUSE bug 895955 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. Important CVE-2014-0209 SUSE bug 857544 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. Moderate CVE-2014-0210 SUSE bug 857544 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Moderate CVE-2014-0211 SUSE bug 857544 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. Moderate CVE-2014-0221 SUSE bug 880891 SUSE bug 883126 SUSE bug 885777 SUSE bug 905106 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. Moderate CVE-2014-0222 SUSE bug 877642 SUSE bug 950367 SUSE bug 964925 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. Moderate CVE-2014-0223 SUSE bug 877645 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. Moderate CVE-2014-0224 SUSE bug 1146657 SUSE bug 880891 SUSE bug 883126 SUSE bug 885777 SUSE bug 892403 SUSE bug 901237 SUSE bug 903703 SUSE bug 905018 SUSE bug 905106 SUSE bug 914447 SUSE bug 915913 SUSE bug 916239 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. Moderate CVE-2014-0244 SUSE bug 880962 SUSE bug 883758 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors. Low CVE-2014-0249 SUSE bug 880245 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox. Moderate CVE-2014-0368 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox. Moderate CVE-2014-0373 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories." Moderate CVE-2014-0376 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML. Low CVE-2014-0384 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Moderate CVE-2014-0386 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB. Moderate CVE-2014-0393 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors. Moderate CVE-2014-0401 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking. Moderate CVE-2014-0402 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake. Moderate CVE-2014-0411 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Moderate CVE-2014-0412 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance. Moderate CVE-2014-0416 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication. Moderate CVE-2014-0420 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox. Moderate CVE-2014-0422 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding. Moderate CVE-2014-0423 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS. Moderate CVE-2014-0427 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. Moderate CVE-2014-0428 SUSE bug 858818 SUSE bug 862064 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Moderate CVE-2014-0429 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema. Low CVE-2014-0430 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881. Moderate CVE-2014-0431 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling. Moderate CVE-2014-0433 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Moderate CVE-2014-0437 SUSE bug 858823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-0446 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412. Moderate CVE-2014-0451 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423. Moderate CVE-2014-0452 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. Moderate CVE-2014-0453 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. Moderate CVE-2014-0454 SUSE bug 873873 SUSE bug 877429 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402. Moderate CVE-2014-0455 SUSE bug 873873 SUSE bug 877429 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-0456 SUSE bug 873872 SUSE bug 873873 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-0457 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423. Moderate CVE-2014-0458 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. Moderate CVE-2014-0459 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. Moderate CVE-2014-0460 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-0461 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file. Moderate CVE-2014-0466 SUSE bug 871097 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Moderate CVE-2014-0467 SUSE bug 868115 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. Moderate CVE-2014-0475 SUSE bug 887022 SUSE bug 896776 SUSE bug 916222 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors. Moderate CVE-2014-0491 SUSE bug 858822 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak." Moderate CVE-2014-0492 SUSE bug 858822 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2014-0497 SUSE bug 862288 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors. Critical CVE-2014-0498 SUSE bug 865021 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors. Critical CVE-2014-0499 SUSE bug 865021 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014. Critical CVE-2014-0502 SUSE bug 865021 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Important CVE-2014-0503 SUSE bug 867808 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors. Important CVE-2014-0504 SUSE bug 867808 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Critical CVE-2014-0506 SUSE bug 872692 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors. Critical CVE-2014-0507 SUSE bug 872692 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Moderate CVE-2014-0508 SUSE bug 872692 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Moderate CVE-2014-0509 SUSE bug 872692 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014. Critical CVE-2014-0510 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014. Moderate CVE-2014-0515 SUSE bug 875577 SUSE bug 886454 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy via unspecified vectors. Important CVE-2014-0516 SUSE bug 877649 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0518, CVE-2014-0519, and CVE-2014-0520. Critical CVE-2014-0517 SUSE bug 877649 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520. Critical CVE-2014-0518 SUSE bug 877649 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0520. Critical CVE-2014-0519 SUSE bug 877649 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0519. Critical CVE-2014-0520 SUSE bug 877649 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533. Moderate CVE-2014-0531 SUSE bug 882187 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0533. Moderate CVE-2014-0532 SUSE bug 882187 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0532. Moderate CVE-2014-0533 SUSE bug 882187 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0535. Moderate CVE-2014-0534 SUSE bug 882187 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0534. Moderate CVE-2014-0535 SUSE bug 882187 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Moderate CVE-2014-0536 SUSE bug 882187 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539. Critical CVE-2014-0537 SUSE bug 886454 SUSE bug 886472 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2014-0538 SUSE bug 891688 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537. Critical CVE-2014-0539 SUSE bug 886454 SUSE bug 886472 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545. Moderate CVE-2014-0540 SUSE bug 891688 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allow attackers to bypass intended access restrictions via unspecified vectors. Moderate CVE-2014-0541 SUSE bug 891688 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545. Moderate CVE-2014-0542 SUSE bug 891688 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0544, and CVE-2014-0545. Moderate CVE-2014-0543 SUSE bug 891688 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0545. Moderate CVE-2014-0544 SUSE bug 891688 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0544. Moderate CVE-2014-0545 SUSE bug 891688 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555. Moderate CVE-2014-0547 SUSE bug 895856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors. Moderate CVE-2014-0548 SUSE bug 895856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555. Moderate CVE-2014-0549 SUSE bug 895856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555. Moderate CVE-2014-0550 SUSE bug 895856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0552, and CVE-2014-0555. Moderate CVE-2014-0551 SUSE bug 895856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, and CVE-2014-0555. Moderate CVE-2014-0552 SUSE bug 895856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2014-0553 SUSE bug 895856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to bypass intended access restrictions via unspecified vectors. Moderate CVE-2014-0554 SUSE bug 895856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, and CVE-2014-0552. Moderate CVE-2014-0555 SUSE bug 895856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559. Moderate CVE-2014-0556 SUSE bug 895856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. Moderate CVE-2014-0557 SUSE bug 895856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0564. Moderate CVE-2014-0558 SUSE bug 901334 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0556. Moderate CVE-2014-0559 SUSE bug 895856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558. Moderate CVE-2014-0564 SUSE bug 901334 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2014-0569 SUSE bug 901334 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0588 and CVE-2014-8438. Moderate CVE-2014-0573 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2014-0574 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0581, CVE-2014-8440, and CVE-2014-8441. Moderate CVE-2014-0576 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. Moderate CVE-2014-0577 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116. Critical CVE-2014-0578 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Moderate CVE-2014-0580 SUSE bug 909219 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-8440, and CVE-2014-8441. Important CVE-2014-0581 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0589. Important CVE-2014-0582 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a transition from Low Integrity to Medium Integrity via unspecified vectors. Moderate CVE-2014-0583 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. Important CVE-2014-0584 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0586, and CVE-2014-0590. Important CVE-2014-0585 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0590. Important CVE-2014-0586 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9164. Moderate CVE-2014-0587 SUSE bug 909219 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-8438. Important CVE-2014-0588 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0582. Important CVE-2014-0589 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0586. Important CVE-2014-0590 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature. Moderate CVE-2014-0591 SUSE bug 858639 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator. Moderate CVE-2014-0595 SUSE bug 872796 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. Moderate CVE-2014-1444 SUSE bug 858869 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. Moderate CVE-2014-1445 SUSE bug 858870 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. Moderate CVE-2014-1446 SUSE bug 858872 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. Moderate CVE-2014-1447 SUSE bug 858817 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1477 SUSE bug 861847 SUSE bug 862345 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes. Moderate CVE-2014-1479 SUSE bug 861847 SUSE bug 862348 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. Moderate CVE-2014-1480 SUSE bug 861847 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. Moderate CVE-2014-1481 SUSE bug 861847 SUSE bug 862309 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create. Important CVE-2014-1482 SUSE bug 861847 SUSE bug 862356 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. Moderate CVE-2014-1483 SUSE bug 861847 SUSE bug 862360 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Moderate CVE-2014-1484 SUSE bug 861847 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. Moderate CVE-2014-1485 SUSE bug 861847 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. Critical CVE-2014-1486 SUSE bug 861847 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. Moderate CVE-2014-1487 SUSE bug 861847 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. Critical CVE-2014-1488 SUSE bug 861847 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. Moderate CVE-2014-1489 SUSE bug 861847 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. Moderate CVE-2014-1490 SUSE bug 861847 SUSE bug 862300 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. Moderate CVE-2014-1491 SUSE bug 861847 SUSE bug 862289 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1493 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1494 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update. Moderate CVE-2014-1496 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. Moderate CVE-2014-1497 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. Moderate CVE-2014-1498 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. Moderate CVE-2014-1499 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. Moderate CVE-2014-1500 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. Moderate CVE-2014-1501 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. Moderate CVE-2014-1502 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. Moderate CVE-2014-1504 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693. Moderate CVE-2014-1505 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. Moderate CVE-2014-1508 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document. Moderate CVE-2014-1509 SUSE bug 868603 SUSE bug 869339 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. Moderate CVE-2014-1510 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. Moderate CVE-2014-1511 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects. Moderate CVE-2014-1512 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site. Moderate CVE-2014-1513 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class. Moderate CVE-2014-1514 SUSE bug 868603 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2014-1518 SUSE bug 875803 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process. Moderate CVE-2014-1520 SUSE bug 875803 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. Moderate CVE-2014-1523 SUSE bug 875803 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. Critical CVE-2014-1524 SUSE bug 875803 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted. Critical CVE-2014-1529 SUSE bug 875803 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation. Moderate CVE-2014-1530 SUSE bug 875378 SUSE bug 875803 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. Critical CVE-2014-1531 SUSE bug 875803 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution. Critical CVE-2014-1532 SUSE bug 875803 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1533 SUSE bug 881874 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1534 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. Moderate CVE-2014-1536 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Moderate CVE-2014-1537 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Moderate CVE-2014-1538 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. Moderate CVE-2014-1541 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. Moderate CVE-2014-1544 SUSE bug 887746 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. Moderate CVE-2014-1545 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1547 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1548 SUSE bug 887746 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. Moderate CVE-2014-1555 SUSE bug 887746 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. Moderate CVE-2014-1556 SUSE bug 887746 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. Moderate CVE-2014-1557 SUSE bug 887746 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2014-1562 SUSE bug 894370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. Critical CVE-2014-1567 SUSE bug 894370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. Moderate CVE-2014-1568 SUSE bug 1107874 SUSE bug 897890 SUSE bug 898959 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00. Moderate CVE-2014-1569 SUSE bug 910647 SUSE bug 913096 SUSE bug 917597 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1574 SUSE bug 900941 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors. Moderate CVE-2014-1575 SUSE bug 900941 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style. Moderate CVE-2014-1576 SUSE bug 900941 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value. Moderate CVE-2014-1577 SUSE bug 900941 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback. Moderate CVE-2014-1578 SUSE bug 900941 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. Moderate CVE-2014-1581 SUSE bug 900941 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm. Moderate CVE-2014-1583 SUSE bug 900941 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming. Moderate CVE-2014-1585 SUSE bug 900941 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away. Moderate CVE-2014-1586 SUSE bug 900941 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1587 SUSE bug 908009 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1588 SUSE bug 908009 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. Moderate CVE-2014-1589 SUSE bug 908009 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. Moderate CVE-2014-1590 SUSE bug 908009 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect. Moderate CVE-2014-1591 SUSE bug 908009 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. Moderate CVE-2014-1592 SUSE bug 908009 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. Moderate CVE-2014-1593 SUSE bug 908009 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. Moderate CVE-2014-1594 SUSE bug 908009 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. Moderate CVE-2014-1595 SUSE bug 908009 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free. Moderate CVE-2014-1642 SUSE bug 858496 SUSE bug 860092 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. Important CVE-2014-1666 SUSE bug 860302 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. Moderate CVE-2014-1737 SUSE bug 875798 SUSE bug 877345 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. Moderate CVE-2014-1738 SUSE bug 875798 SUSE bug 877345 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. Moderate CVE-2014-1739 SUSE bug 882804 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. Moderate CVE-2014-1874 SUSE bug 863335 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. Moderate CVE-2014-1876 SUSE bug 863305 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894. Moderate CVE-2014-1891 SUSE bug 860163 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894. Moderate CVE-2014-1892 SUSE bug 860163 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. Moderate CVE-2014-1893 SUSE bug 860163 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893. Moderate CVE-2014-1894 SUSE bug 860163 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read. Moderate CVE-2014-1895 SUSE bug 860165 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring." Moderate CVE-2014-1896 SUSE bug 860300 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Important CVE-2014-1912 SUSE bug 1049392 SUSE bug 1049422 SUSE bug 863741 SUSE bug 882915 SUSE bug 912739 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. Moderate CVE-2014-1947 SUSE bug 863838 SUSE bug 905260 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors. Moderate CVE-2014-1950 SUSE bug 861256 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. Moderate CVE-2014-2270 SUSE bug 866750 SUSE bug 883306 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet. Moderate CVE-2014-2281 SUSE bug 867485 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. Moderate CVE-2014-2282 SUSE bug 867485 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet. Moderate CVE-2014-2283 SUSE bug 867485 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors. Moderate CVE-2014-2284 SUSE bug 866942 SUSE bug 875217 SUSE bug 969779 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. Moderate CVE-2014-2299 SUSE bug 867485 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. Moderate CVE-2014-2309 SUSE bug 824295 SUSE bug 867531 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151. Moderate CVE-2014-2310 SUSE bug 867349 SUSE bug 875217 SUSE bug 969779 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established. Moderate CVE-2014-2338 SUSE bug 870572 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-2397 SUSE bug 873872 SUSE bug 873873 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. Low CVE-2014-2398 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455. Moderate CVE-2014-2402 SUSE bug 873873 SUSE bug 877429 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP. Moderate CVE-2014-2403 SUSE bug 873872 SUSE bug 873873 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451. Moderate CVE-2014-2412 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries. Moderate CVE-2014-2413 SUSE bug 873873 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB. Moderate CVE-2014-2414 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. Moderate CVE-2014-2419 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Moderate CVE-2014-2421 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458. Moderate CVE-2014-2423 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. Moderate CVE-2014-2427 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema. Moderate CVE-2014-2430 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options. Moderate CVE-2014-2431 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated. Moderate CVE-2014-2432 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2014-2434 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Moderate CVE-2014-2435 SUSE bug 1021755 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR. Moderate CVE-2014-2436 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication. Low CVE-2014-2438 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Moderate CVE-2014-2440 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM. Moderate CVE-2014-2442 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB. Moderate CVE-2014-2444 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Moderate CVE-2014-2450 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges. Moderate CVE-2014-2451 SUSE bug 873896 SUSE bug 999706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations." Moderate CVE-2014-2483 SUSE bug 887530 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS. Moderate CVE-2014-2484 SUSE bug 887580 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-2490 SUSE bug 887530 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. Moderate CVE-2014-2494 SUSE bug 887580 SUSE bug 915914 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. Important CVE-2014-2523 SUSE bug 868653 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528. Moderate CVE-2014-2527 SUSE bug 868682 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527. Moderate CVE-2014-2528 SUSE bug 868682 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Moderate CVE-2014-2532 SUSE bug 1074631 SUSE bug 869101 SUSE bug 890850 SUSE bug 916239 SUSE bug 996040 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function. Moderate CVE-2014-2583 SUSE bug 870433 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input. Moderate CVE-2014-2599 SUSE bug 867910 SUSE bug 880751 SUSE bug 903970 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions. Moderate CVE-2014-2672 SUSE bug 871148 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. Moderate CVE-2014-2678 SUSE bug 871561 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. Moderate CVE-2014-2706 SUSE bug 871797 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. Moderate CVE-2014-2851 SUSE bug 824295 SUSE bug 873374 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. Important CVE-2014-2891 SUSE bug 876449 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption. Moderate CVE-2014-2894 SUSE bug 874749 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. Critical CVE-2014-2977 SUSE bug 878345 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write. Critical CVE-2014-2978 SUSE bug 878349 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. Important CVE-2014-3121 SUSE bug 876101 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. Moderate CVE-2014-3122 SUSE bug 824295 SUSE bug 876102 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. Moderate CVE-2014-3144 SUSE bug 824295 SUSE bug 877257 SUSE bug 889071 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. Moderate CVE-2014-3145 SUSE bug 824295 SUSE bug 877257 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function. Moderate CVE-2014-3146 SUSE bug 1118088 SUSE bug 877258 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. Important CVE-2014-3153 SUSE bug 877775 SUSE bug 880892 SUSE bug 882228 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables." Moderate CVE-2014-3158 SUSE bug 891489 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. Moderate CVE-2014-3181 SUSE bug 896382 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. Moderate CVE-2014-3184 SUSE bug 896390 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. Moderate CVE-2014-3185 SUSE bug 896391 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. Moderate CVE-2014-3186 SUSE bug 896392 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. Moderate CVE-2014-3248 SUSE bug 879913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. Moderate CVE-2014-3250 SUSE bug 879913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. Moderate CVE-2014-3421 SUSE bug 876847 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. Moderate CVE-2014-3422 SUSE bug 876847 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. Moderate CVE-2014-3423 SUSE bug 876847 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. Moderate CVE-2014-3424 SUSE bug 876847 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks." Moderate CVE-2014-3461 SUSE bug 878541 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. Moderate CVE-2014-3466 SUSE bug 880730 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Moderate CVE-2014-3467 SUSE bug 880737 SUSE bug 880910 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. Moderate CVE-2014-3468 SUSE bug 880735 SUSE bug 880910 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Moderate CVE-2014-3469 SUSE bug 880738 SUSE bug 880910 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. Moderate CVE-2014-3470 SUSE bug 880891 SUSE bug 883126 SUSE bug 885777 SUSE bug 905106 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. Moderate CVE-2014-3471 SUSE bug 883826 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. Moderate CVE-2014-3477 SUSE bug 1010769 SUSE bug 881137 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference. Moderate CVE-2014-3493 SUSE bug 878642 SUSE bug 880962 SUSE bug 883758 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. Important CVE-2014-3505 SUSE bug 890759 SUSE bug 890764 SUSE bug 890767 SUSE bug 905106 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. Important CVE-2014-3506 SUSE bug 890759 SUSE bug 890764 SUSE bug 890768 SUSE bug 905106 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. Important CVE-2014-3507 SUSE bug 890759 SUSE bug 890764 SUSE bug 890769 SUSE bug 905106 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. Important CVE-2014-3508 SUSE bug 890759 SUSE bug 890764 SUSE bug 905106 SUSE bug 950708 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. Important CVE-2014-3510 SUSE bug 890759 SUSE bug 890764 SUSE bug 890770 SUSE bug 905106 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. Moderate CVE-2014-3537 SUSE bug 887240 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order." Moderate CVE-2014-3564 SUSE bug 890123 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. Moderate CVE-2014-3565 SUSE bug 894361 SUSE bug 969779 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Moderate CVE-2014-3566 SUSE bug 1011293 SUSE bug 1031023 SUSE bug 901223 SUSE bug 901254 SUSE bug 901277 SUSE bug 901748 SUSE bug 901757 SUSE bug 901759 SUSE bug 901889 SUSE bug 901968 SUSE bug 902229 SUSE bug 902233 SUSE bug 902476 SUSE bug 903405 SUSE bug 903684 SUSE bug 904889 SUSE bug 905106 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. Important CVE-2014-3567 SUSE bug 877506 SUSE bug 901277 SUSE bug 905106 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. Low CVE-2014-3568 SUSE bug 901277 SUSE bug 905106 SUSE bug 911399 SUSE bug 986238 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. Moderate CVE-2014-3569 SUSE bug 911399 SUSE bug 927623 SUSE bug 986238 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. Moderate CVE-2014-3570 SUSE bug 912296 SUSE bug 927623 SUSE bug 937891 SUSE bug 944456 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. Moderate CVE-2014-3571 SUSE bug 912294 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. Moderate CVE-2014-3572 SUSE bug 912015 SUSE bug 927623 SUSE bug 937891 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. Important CVE-2014-3575 SUSE bug 893141 SUSE bug 934423 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. Moderate CVE-2014-3591 SUSE bug 920057 SUSE bug 949135 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. Moderate CVE-2014-3601 SUSE bug 892782 SUSE bug 902675 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. Moderate CVE-2014-3610 SUSE bug 899192 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. Moderate CVE-2014-3613 SUSE bug 894575 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes." Moderate CVE-2014-3618 SUSE bug 1068648 SUSE bug 894999 SUSE bug 898303 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read. Low CVE-2014-3633 SUSE bug 897783 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. Moderate CVE-2014-3638 SUSE bug 896453 SUSE bug 903055 SUSE bug 903057 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. CVE-2014-3640 SUSE bug 897654 SUSE bug 965112 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. Moderate CVE-2014-3646 SUSE bug 899192 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. Moderate CVE-2014-3647 SUSE bug 1013038 SUSE bug 1134834 SUSE bug 899192 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command. Moderate CVE-2014-3657 SUSE bug 897783 SUSE bug 899484 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. Moderate CVE-2014-3660 SUSE bug 1123919 SUSE bug 901546 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. Important CVE-2014-3673 SUSE bug 902346 SUSE bug 902349 SUSE bug 904899 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. Moderate CVE-2014-3675 SUSE bug 889332 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option." Moderate CVE-2014-3676 SUSE bug 889332 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption. Moderate CVE-2014-3677 SUSE bug 889332 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. Moderate CVE-2014-3686 SUSE bug 1063667 SUSE bug 900611 SUSE bug 915323 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. Important CVE-2014-3687 SUSE bug 902349 SUSE bug 904899 SUSE bug 909208 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. Important CVE-2014-3688 SUSE bug 902351 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. Moderate CVE-2014-3689 SUSE bug 1189862 SUSE bug 901508 SUSE bug 962611 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. Moderate CVE-2014-3690 SUSE bug 902232 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599. Moderate CVE-2014-3693 SUSE bug 900214 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. Moderate CVE-2014-3695 SUSE bug 902409 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation. Moderate CVE-2014-3696 SUSE bug 902410 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message. Moderate CVE-2014-3698 SUSE bug 902408 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. Moderate CVE-2014-3707 SUSE bug 901924 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. Moderate CVE-2014-3710 SUSE bug 902367 SUSE bug 910252 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. Moderate CVE-2014-3917 SUSE bug 880484 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. Moderate CVE-2014-3967 SUSE bug 878841 SUSE bug 880751 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged. Moderate CVE-2014-3968 SUSE bug 878841 SUSE bug 880751 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet. Low CVE-2014-3970 SUSE bug 881524 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. Moderate CVE-2014-4021 SUSE bug 880751 SUSE bug 903970 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Moderate CVE-2014-4027 SUSE bug 882639 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. Moderate CVE-2014-4043 SUSE bug 882600 SUSE bug 939797 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. Moderate CVE-2014-4171 SUSE bug 883518 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. Moderate CVE-2014-4207 SUSE bug 887580 SUSE bug 915914 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220. Moderate CVE-2014-4208 SUSE bug 887530 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX. Moderate CVE-2014-4209 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP. Moderate CVE-2014-4214 SUSE bug 887580 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-4216 SUSE bug 887530 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries. Moderate CVE-2014-4218 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-4219 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208. Moderate CVE-2014-4220 SUSE bug 887530 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Moderate CVE-2014-4221 SUSE bug 887530 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483. Moderate CVE-2014-4223 SUSE bug 887530 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Moderate CVE-2014-4227 SUSE bug 887530 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP. Moderate CVE-2014-4233 SUSE bug 887580 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. Moderate CVE-2014-4238 SUSE bug 887580 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP. Moderate CVE-2014-4240 SUSE bug 887580 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED. Moderate CVE-2014-4243 SUSE bug 887580 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. Moderate CVE-2014-4244 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. Moderate CVE-2014-4247 SUSE bug 887530 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. Moderate CVE-2014-4252 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Moderate CVE-2014-4258 SUSE bug 887580 SUSE bug 915914 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR. Moderate CVE-2014-4260 SUSE bug 887580 SUSE bug 915914 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-4262 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement." Moderate CVE-2014-4263 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security. Moderate CVE-2014-4264 SUSE bug 887530 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment. Moderate CVE-2014-4265 SUSE bug 887530 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability. Moderate CVE-2014-4266 SUSE bug 887530 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Moderate CVE-2014-4268 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM. Moderate CVE-2014-4274 SUSE bug 857678 SUSE bug 896400 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS. Moderate CVE-2014-4287 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. Moderate CVE-2014-4288 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. Moderate CVE-2014-4330 SUSE bug 896715 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. Moderate CVE-2014-4341 SUSE bug 770172 SUSE bug 886016 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session. Moderate CVE-2014-4342 SUSE bug 770172 SUSE bug 886016 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator. Moderate CVE-2014-4343 SUSE bug 770172 SUSE bug 888697 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation. Moderate CVE-2014-4344 SUSE bug 888697 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands. Moderate CVE-2014-4345 SUSE bug 770172 SUSE bug 891082 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. Important CVE-2014-4508 SUSE bug 883724 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. Moderate CVE-2014-4607 SUSE bug 883947 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype." Moderate CVE-2014-4608 SUSE bug 883948 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Moderate CVE-2014-4617 SUSE bug 884130 SUSE bug 962098 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. Moderate CVE-2014-4650 SUSE bug 856835 SUSE bug 856836 SUSE bug 863741 SUSE bug 885882 SUSE bug 898572 SUSE bug 912739 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. Moderate CVE-2014-4652 SUSE bug 883795 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. Moderate CVE-2014-4653 SUSE bug 883795 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. Moderate CVE-2014-4654 SUSE bug 883795 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. Moderate CVE-2014-4655 SUSE bug 883795 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. Moderate CVE-2014-4656 SUSE bug 883795 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. Moderate CVE-2014-4667 SUSE bug 885422 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. Critical CVE-2014-4671 SUSE bug 886454 SUSE bug 891688 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. Moderate CVE-2014-4699 SUSE bug 885725 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. Important CVE-2014-4877 SUSE bug 902709 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. Important CVE-2014-4943 SUSE bug 887082 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. Moderate CVE-2014-5029 SUSE bug 887240 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. Moderate CVE-2014-5030 SUSE bug 887240 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. Moderate CVE-2014-5031 SUSE bug 887240 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. Important CVE-2014-5077 SUSE bug 889173 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Moderate CVE-2014-5119 SUSE bug 892073 SUSE bug 903057 SUSE bug 916222 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. Moderate CVE-2014-5220 SUSE bug 910500 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576. Moderate CVE-2014-5270 SUSE bug 892464 SUSE bug 920057 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access. Moderate CVE-2014-5351 SUSE bug 897874 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind. Moderate CVE-2014-5352 SUSE bug 1005509 SUSE bug 770172 SUSE bug 912002 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. Low CVE-2014-5353 SUSE bug 910457 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command. Low CVE-2014-5354 SUSE bug 910458 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c. Moderate CVE-2014-5355 SUSE bug 770172 SUSE bug 918595 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. Moderate CVE-2014-5471 SUSE bug 892490 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. Moderate CVE-2014-5472 SUSE bug 892490 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. Moderate CVE-2014-6040 SUSE bug 894553 SUSE bug 903057 SUSE bug 916222 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow. Moderate CVE-2014-6051 SUSE bug 897031 SUSE bug 900896 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. Moderate CVE-2014-6052 SUSE bug 897031 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. Moderate CVE-2014-6053 SUSE bug 897031 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message. Moderate CVE-2014-6054 SUSE bug 897031 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message. Moderate CVE-2014-6055 SUSE bug 897031 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. Important CVE-2014-6271 SUSE bug 1024628 SUSE bug 1130324 SUSE bug 870618 SUSE bug 896776 SUSE bug 898346 SUSE bug 898604 SUSE bug 898812 SUSE bug 898884 SUSE bug 900127 SUSE bug 900454 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later. Moderate CVE-2014-6272 SUSE bug 897243 SUSE bug 943011 SUSE bug 947373 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode. Moderate CVE-2014-6410 SUSE bug 896689 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. Moderate CVE-2014-6421 SUSE bug 897055 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. Moderate CVE-2014-6422 SUSE bug 897055 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. Moderate CVE-2014-6423 SUSE bug 897055 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. Moderate CVE-2014-6424 SUSE bug 897055 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. Moderate CVE-2014-6427 SUSE bug 897055 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2014-6428 SUSE bug 897055 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. Moderate CVE-2014-6429 SUSE bug 897055 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. Moderate CVE-2014-6430 SUSE bug 897055 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. Moderate CVE-2014-6431 SUSE bug 897055 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. Moderate CVE-2014-6432 SUSE bug 897055 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string. Important CVE-2014-6438 SUSE bug 937962 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Moderate CVE-2014-6456 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. Moderate CVE-2014-6457 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Moderate CVE-2014-6458 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML. Moderate CVE-2014-6463 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS. Moderate CVE-2014-6464 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Moderate CVE-2014-6466 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-6468 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. Moderate CVE-2014-6469 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED. Moderate CVE-2014-6474 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. Moderate CVE-2014-6476 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL. Moderate CVE-2014-6478 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML. Moderate CVE-2014-6484 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Moderate CVE-2014-6485 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP. Moderate CVE-2014-6489 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500. Moderate CVE-2014-6491 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Moderate CVE-2014-6492 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. Moderate CVE-2014-6493 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496. Moderate CVE-2014-6494 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL. Moderate CVE-2014-6495 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494. Moderate CVE-2014-6496 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491. Moderate CVE-2014-6500 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. Moderate CVE-2014-6502 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. Moderate CVE-2014-6503 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot. Moderate CVE-2014-6504 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE. Moderate CVE-2014-6505 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-6506 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. Moderate CVE-2014-6507 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Moderate CVE-2014-6511 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. Moderate CVE-2014-6512 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. Moderate CVE-2014-6513 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. Moderate CVE-2014-6515 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP. Moderate CVE-2014-6517 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot. Moderate CVE-2014-6519 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL. Moderate CVE-2014-6520 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. Moderate CVE-2014-6527 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP. Moderate CVE-2014-6530 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Moderate CVE-2014-6531 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. Moderate CVE-2014-6532 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-6549 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. Moderate CVE-2014-6551 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. Moderate CVE-2014-6555 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. Moderate CVE-2014-6558 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. Moderate CVE-2014-6559 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-6562 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML. Moderate CVE-2014-6564 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. Moderate CVE-2014-6568 SUSE bug 914058 SUSE bug 915911 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591. Moderate CVE-2014-6585 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-6587 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585. Moderate CVE-2014-6591 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. Moderate CVE-2014-6593 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-6601 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors. Moderate CVE-2014-7154 SUSE bug 880751 SUSE bug 895798 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. Moderate CVE-2014-7155 SUSE bug 880751 SUSE bug 895799 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors. Moderate CVE-2014-7156 SUSE bug 880751 SUSE bug 895802 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. Important CVE-2014-7169 SUSE bug 1024628 SUSE bug 1130324 SUSE bug 870618 SUSE bug 896776 SUSE bug 898346 SUSE bug 898812 SUSE bug 898884 SUSE bug 899266 SUSE bug 900127 SUSE bug 900454 SUSE bug 902237 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Moderate CVE-2014-7185 SUSE bug 898572 SUSE bug 912739 SUSE bug 913479 SUSE bug 955182 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue. Moderate CVE-2014-7186 SUSE bug 1024628 SUSE bug 898603 SUSE bug 898812 SUSE bug 898884 SUSE bug 899039 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue. Important CVE-2014-7187 SUSE bug 1024628 SUSE bug 898603 SUSE bug 898812 SUSE bug 898884 SUSE bug 899039 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors. Important CVE-2014-7188 SUSE bug 880751 SUSE bug 897657 SUSE bug 903970 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP4 The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. Moderate CVE-2014-7815 SUSE bug 902737 SUSE bug 962627 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". Moderate CVE-2014-7817 SUSE bug 906371 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem. Moderate CVE-2014-7822 SUSE bug 915322 SUSE bug 915517 SUSE bug 939240 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. Low CVE-2014-7823 SUSE bug 904176 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. CVE-2014-7826 SUSE bug 904012 SUSE bug 904013 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. Moderate CVE-2014-7840 SUSE bug 905097 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. Important CVE-2014-7841 SUSE bug 904899 SUSE bug 905100 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313. Moderate CVE-2014-7842 SUSE bug 905312 SUSE bug 907822 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. Important CVE-2014-7844 SUSE bug 909208 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. Moderate CVE-2014-7970 SUSE bug 900644 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call. Moderate CVE-2014-7975 SUSE bug 900392 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. Moderate CVE-2014-8080 SUSE bug 902851 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag. Moderate CVE-2014-8086 SUSE bug 900881 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080. Moderate CVE-2014-8090 SUSE bug 905326 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request. Moderate CVE-2014-8091 SUSE bug 882226 SUSE bug 907268 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write. Moderate CVE-2014-8092 SUSE bug 1146596 SUSE bug 907268 SUSE bug 928520 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write. Important CVE-2014-8093 SUSE bug 907268 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write. Moderate CVE-2014-8094 SUSE bug 907268 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function. Moderate CVE-2014-8095 SUSE bug 907268 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value. Moderate CVE-2014-8096 SUSE bug 907268 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function. Moderate CVE-2014-8097 SUSE bug 907268 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function. Important CVE-2014-8098 SUSE bug 907268 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function. Moderate CVE-2014-8099 SUSE bug 907268 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function. Moderate CVE-2014-8100 SUSE bug 907268 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function. Moderate CVE-2014-8101 SUSE bug 907268 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value. Moderate CVE-2014-8102 SUSE bug 907268 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. Moderate CVE-2014-8104 SUSE bug 907764 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320. Moderate CVE-2014-8106 SUSE bug 1023004 SUSE bug 1178658 SUSE bug 907805 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. Moderate CVE-2014-8116 SUSE bug 910252 SUSE bug 910253 SUSE bug 917152 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. Moderate CVE-2014-8117 SUSE bug 910252 SUSE bug 910253 SUSE bug 917152 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. Important CVE-2014-8118 SUSE bug 1101137 SUSE bug 906803 SUSE bug 908128 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. Moderate CVE-2014-8119 SUSE bug 925225 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. Moderate CVE-2014-8121 SUSE bug 918187 SUSE bug 945779 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool. Critical CVE-2014-8127 SUSE bug 914890 SUSE bug 916925 SUSE bug 942690 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. Critical CVE-2014-8128 SUSE bug 1007276 SUSE bug 1017690 SUSE bug 1040322 SUSE bug 914890 SUSE bug 916925 SUSE bug 942690 SUSE bug 960341 SUSE bug 974621 SUSE bug 983436 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. Critical CVE-2014-8129 SUSE bug 914890 SUSE bug 916925 SUSE bug 942690 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. Critical CVE-2014-8130 SUSE bug 914890 SUSE bug 916925 SUSE bug 942690 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. Low CVE-2014-8131 SUSE bug 909274 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. Moderate CVE-2014-8132 SUSE bug 910790 SUSE bug 928323 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value. Moderate CVE-2014-8133 SUSE bug 817142 SUSE bug 906545 SUSE bug 907818 SUSE bug 909077 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. Moderate CVE-2014-8134 SUSE bug 907818 SUSE bug 909077 SUSE bug 909078 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command. Low CVE-2014-8135 SUSE bug 910860 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. Low CVE-2014-8136 SUSE bug 910862 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file. Moderate CVE-2014-8137 SUSE bug 1178702 SUSE bug 909474 SUSE bug 909475 SUSE bug 911837 SUSE bug 968373 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file. Moderate CVE-2014-8138 SUSE bug 1178702 SUSE bug 909474 SUSE bug 909475 SUSE bug 911837 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. Moderate CVE-2014-8139 SUSE bug 909214 SUSE bug 915880 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. Moderate CVE-2014-8140 SUSE bug 909214 SUSE bug 914442 SUSE bug 915880 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. Moderate CVE-2014-8141 SUSE bug 909214 SUSE bug 915880 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation. Moderate CVE-2014-8143 SUSE bug 914279 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP4 The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. Moderate CVE-2014-8146 SUSE bug 1066493 SUSE bug 910805 SUSE bug 927951 SUSE bug 929629 SUSE bug 959178 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. Moderate CVE-2014-8147 SUSE bug 1066493 SUSE bug 1079317 SUSE bug 910805 SUSE bug 910806 SUSE bug 927951 SUSE bug 929629 SUSE bug 959178 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. Moderate CVE-2014-8150 SUSE bug 911363 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Moderate CVE-2014-8151 SUSE bug 911363 SUSE bug 911666 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. Moderate CVE-2014-8155 SUSE bug 920366 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. Moderate CVE-2014-8159 SUSE bug 903967 SUSE bug 914742 SUSE bug 939241 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. Moderate CVE-2014-8160 SUSE bug 857643 SUSE bug 913059 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. Moderate CVE-2014-8161 SUSE bug 916953 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses. Moderate CVE-2014-8182 SUSE bug 998096 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. Low CVE-2014-8242 SUSE bug 900914 SUSE bug 922710 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. Moderate CVE-2014-8275 SUSE bug 912018 SUSE bug 927623 SUSE bug 937891 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. Low CVE-2014-8354 SUSE bug 903204 SUSE bug 903638 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). Low CVE-2014-8355 SUSE bug 903216 SUSE bug 903638 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601. Moderate CVE-2014-8369 SUSE bug 892782 SUSE bug 902675 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors. Important CVE-2014-8437 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-0588. Important CVE-2014-8438 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. Moderate CVE-2014-8439 SUSE bug 907257 SUSE bug 909219 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441. Important CVE-2014-8440 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440. Important CVE-2014-8441 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions. Moderate CVE-2014-8442 SUSE bug 905032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2014-8443 SUSE bug 909219 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record. Moderate CVE-2014-8484 SUSE bug 902676 SUSE bug 902677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. Moderate CVE-2014-8485 SUSE bug 902676 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals. Moderate CVE-2014-8500 SUSE bug 908994 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable. Moderate CVE-2014-8501 SUSE bug 903655 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file. Moderate CVE-2014-8502 SUSE bug 903655 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file. Moderate CVE-2014-8503 SUSE bug 903655 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file. Moderate CVE-2014-8504 SUSE bug 903655 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. Moderate CVE-2014-8559 SUSE bug 903640 SUSE bug 915517 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 imagemagick 6.8.9.6 has remote DOS via infinite loop Low CVE-2014-8561 SUSE bug 1156786 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). Moderate CVE-2014-8562 SUSE bug 903638 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). Moderate CVE-2014-8594 SUSE bug 903967 SUSE bug 903970 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. Moderate CVE-2014-8595 SUSE bug 903970 SUSE bug 907649 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-8634 SUSE bug 913064 SUSE bug 913096 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. Moderate CVE-2014-8636 SUSE bug 913096 SUSE bug 913102 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element. Moderate CVE-2014-8637 SUSE bug 913096 SUSE bug 913103 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. Moderate CVE-2014-8638 SUSE bug 913068 SUSE bug 913096 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. Moderate CVE-2014-8639 SUSE bug 913066 SUSE bug 913096 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls. Moderate CVE-2014-8640 SUSE bug 913096 SUSE bug 913104 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. Moderate CVE-2014-8641 SUSE bug 913067 SUSE bug 913096 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument. Low CVE-2014-8651 SUSE bug 904625 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets. Important CVE-2014-8709 SUSE bug 904700 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. Moderate CVE-2014-8710 SUSE bug 905246 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. Moderate CVE-2014-8711 SUSE bug 905245 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2014-8712 SUSE bug 905248 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2014-8713 SUSE bug 905248 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Moderate CVE-2014-8714 SUSE bug 905247 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash). Moderate CVE-2014-8716 SUSE bug 905260 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. Moderate CVE-2014-8737 SUSE bug 905736 SUSE bug 912408 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. Moderate CVE-2014-8738 SUSE bug 905735 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. Low CVE-2014-8767 SUSE bug 905870 SUSE bug 905871 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. Low CVE-2014-8769 SUSE bug 905871 SUSE bug 905872 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. Moderate CVE-2014-8866 SUSE bug 903970 SUSE bug 905465 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. Moderate CVE-2014-8867 SUSE bug 903970 SUSE bug 905467 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. Moderate CVE-2014-8884 SUSE bug 904876 SUSE bug 905522 SUSE bug 905739 SUSE bug 905744 SUSE bug 905748 SUSE bug 905764 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. Moderate CVE-2014-8962 SUSE bug 906831 SUSE bug 907764 SUSE bug 969774 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. Moderate CVE-2014-8964 SUSE bug 906574 SUSE bug 924960 SUSE bug 933288 SUSE bug 936408 SUSE bug 958373 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. Moderate CVE-2014-9028 SUSE bug 907016 SUSE bug 969774 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow. Moderate CVE-2014-9029 SUSE bug 1178702 SUSE bug 906364 SUSE bug 909474 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. Moderate CVE-2014-9030 SUSE bug 903970 SUSE bug 906439 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. Moderate CVE-2014-9050 SUSE bug 1040662 SUSE bug 906770 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. Moderate CVE-2014-9087 SUSE bug 907074 SUSE bug 926826 SUSE bug 996084 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. Moderate CVE-2014-9090 SUSE bug 817142 SUSE bug 907818 SUSE bug 909077 SUSE bug 910251 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP4 LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. Moderate CVE-2014-9093 SUSE bug 907636 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. Moderate CVE-2014-9112 SUSE bug 907456 SUSE bug 913479 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. Moderate CVE-2014-9114 SUSE bug 907434 SUSE bug 908742 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. Moderate CVE-2014-9116 SUSE bug 907453 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet. Low CVE-2014-9140 SUSE bug 923142 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. Moderate CVE-2014-9157 SUSE bug 908426 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to obtain sensitive information via unspecified vectors. Moderate CVE-2014-9162 SUSE bug 909219 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014. Moderate CVE-2014-9163 SUSE bug 909219 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0587. Moderate CVE-2014-9164 SUSE bug 909219 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. Moderate CVE-2014-9221 SUSE bug 910491 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. Low CVE-2014-9278 SUSE bug 908424 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Important CVE-2014-9293 SUSE bug 910764 SUSE bug 911053 SUSE bug 911792 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Important CVE-2014-9294 SUSE bug 910764 SUSE bug 911053 SUSE bug 911792 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. Important CVE-2014-9295 SUSE bug 910764 SUSE bug 911792 SUSE bug 916239 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2014-9297 SUSE bug 911792 SUSE bug 948963 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2014-9298 SUSE bug 911792 SUSE bug 948963 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. Important CVE-2014-9322 SUSE bug 817142 SUSE bug 910251 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." Moderate CVE-2014-9328 SUSE bug 1040662 SUSE bug 915512 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. Low CVE-2014-9402 SUSE bug 910599 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. Low CVE-2014-9419 SUSE bug 911326 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. Moderate CVE-2014-9420 SUSE bug 906545 SUSE bug 911325 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind. Moderate CVE-2014-9421 SUSE bug 1005509 SUSE bug 770172 SUSE bug 912002 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal. Moderate CVE-2014-9422 SUSE bug 1005509 SUSE bug 770172 SUSE bug 912002 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field. Moderate CVE-2014-9423 SUSE bug 1005509 SUSE bug 912002 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. Moderate CVE-2014-9447 SUSE bug 911662 SUSE bug 912408 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command. Moderate CVE-2014-9471 SUSE bug 911832 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str. Low CVE-2014-9474 SUSE bug 911812 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. Moderate CVE-2014-9496 SUSE bug 911796 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. Moderate CVE-2014-9512 SUSE bug 915410 SUSE bug 960191 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. Moderate CVE-2014-9529 SUSE bug 912202 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. Moderate CVE-2014-9556 SUSE bug 912214 SUSE bug 919283 SUSE bug 934533 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. Moderate CVE-2014-9584 SUSE bug 912654 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. Important CVE-2014-9585 SUSE bug 912705 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. Low CVE-2014-9620 SUSE bug 913651 SUSE bug 917152 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. Low CVE-2014-9621 SUSE bug 913650 SUSE bug 917152 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. Important CVE-2014-9622 SUSE bug 913676 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. Moderate CVE-2014-9636 SUSE bug 914442 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. Moderate CVE-2014-9638 SUSE bug 914439 SUSE bug 914441 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. Moderate CVE-2014-9639 SUSE bug 1081744 SUSE bug 914439 SUSE bug 914441 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. Low CVE-2014-9653 SUSE bug 917152 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923. Moderate CVE-2014-9654 SUSE bug 917129 SUSE bug 929629 SUSE bug 952260 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif. Moderate CVE-2014-9655 SUSE bug 914890 SUSE bug 916925 SUSE bug 916927 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. Moderate CVE-2014-9656 SUSE bug 916847 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. Moderate CVE-2014-9657 SUSE bug 916856 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. Moderate CVE-2014-9658 SUSE bug 916857 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. Moderate CVE-2014-9659 SUSE bug 916867 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. Moderate CVE-2014-9660 SUSE bug 916858 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. Moderate CVE-2014-9661 SUSE bug 916859 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. Moderate CVE-2014-9662 SUSE bug 916860 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. Moderate CVE-2014-9663 SUSE bug 916865 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. Moderate CVE-2014-9664 SUSE bug 916864 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. Moderate CVE-2014-9665 SUSE bug 916863 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. Moderate CVE-2014-9666 SUSE bug 916862 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. Moderate CVE-2014-9667 SUSE bug 916861 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file. Moderate CVE-2014-9668 SUSE bug 916868 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. Moderate CVE-2014-9669 SUSE bug 916870 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row. Moderate CVE-2014-9670 SUSE bug 916871 SUSE bug 933247 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented. Moderate CVE-2014-9671 SUSE bug 916872 SUSE bug 933247 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file. Moderate CVE-2014-9672 SUSE bug 916873 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. Moderate CVE-2014-9673 SUSE bug 916874 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. Moderate CVE-2014-9674 SUSE bug 916879 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font. Moderate CVE-2014-9675 SUSE bug 916881 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. Moderate CVE-2014-9679 SUSE bug 917799 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. Low CVE-2014-9680 SUSE bug 917806 SUSE bug 919737 SUSE bug 921999 SUSE bug 953359 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. Moderate CVE-2014-9683 SUSE bug 918333 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. Moderate CVE-2014-9687 SUSE bug 920160 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. Moderate CVE-2014-9709 SUSE bug 923945 SUSE bug 923946 SUSE bug 980366 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit. Moderate CVE-2014-9710 SUSE bug 923908 SUSE bug 939260 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment. Moderate CVE-2014-9715 SUSE bug 927780 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP4 The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions. Moderate CVE-2014-9718 SUSE bug 928393 SUSE bug 964431 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. Moderate CVE-2014-9728 SUSE bug 911325 SUSE bug 933904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. Moderate CVE-2014-9729 SUSE bug 911325 SUSE bug 933904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. Moderate CVE-2014-9730 SUSE bug 911325 SUSE bug 933904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c. Moderate CVE-2014-9731 SUSE bug 911325 SUSE bug 933896 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive. Moderate CVE-2014-9732 SUSE bug 934524 SUSE bug 934533 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. Moderate CVE-2014-9756 SUSE bug 953516 SUSE bug 953519 SUSE bug 953521 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. Moderate CVE-2014-9761 SUSE bug 962738 SUSE bug 986086 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. Moderate CVE-2014-9769 SUSE bug 973012 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation. Moderate CVE-2014-9771 SUSE bug 974854 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. Critical CVE-2015-0204 SUSE bug 912014 SUSE bug 920482 SUSE bug 920484 SUSE bug 927591 SUSE bug 927623 SUSE bug 952088 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. Moderate CVE-2015-0205 SUSE bug 912293 SUSE bug 927623 SUSE bug 937891 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. Moderate CVE-2015-0206 SUSE bug 912292 SUSE bug 927623 SUSE bug 937891 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server. Moderate CVE-2015-0207 SUSE bug 922494 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature. Moderate CVE-2015-0208 SUSE bug 922498 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. Critical CVE-2015-0209 SUSE bug 919648 SUSE bug 936586 SUSE bug 937891 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Important CVE-2015-0235 SUSE bug 844309 SUSE bug 913646 SUSE bug 949238 SUSE bug 954983 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. Moderate CVE-2015-0236 SUSE bug 914693 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. Important CVE-2015-0240 SUSE bug 917376 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow. Moderate CVE-2015-0241 SUSE bug 916953 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Moderate CVE-2015-0243 SUSE bug 916953 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. Moderate CVE-2015-0244 SUSE bug 916953 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. Moderate CVE-2015-0245 SUSE bug 1003898 SUSE bug 916343 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. Moderate CVE-2015-0247 SUSE bug 1123790 SUSE bug 915402 SUSE bug 918346 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. Moderate CVE-2015-0255 SUSE bug 915810 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. Moderate CVE-2015-0261 SUSE bug 922220 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. Moderate CVE-2015-0272 SUSE bug 944296 SUSE bug 951638 SUSE bug 955354 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. Moderate CVE-2015-0275 SUSE bug 919032 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. Moderate CVE-2015-0282 SUSE bug 919938 SUSE bug 921684 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack. Moderate CVE-2015-0285 SUSE bug 921572 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. Critical CVE-2015-0286 SUSE bug 919648 SUSE bug 922496 SUSE bug 936586 SUSE bug 937891 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. Critical CVE-2015-0287 SUSE bug 919648 SUSE bug 922499 SUSE bug 936586 SUSE bug 937891 SUSE bug 968888 SUSE bug 991722 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. Critical CVE-2015-0288 SUSE bug 919648 SUSE bug 920236 SUSE bug 936586 SUSE bug 937891 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. Critical CVE-2015-0289 SUSE bug 919648 SUSE bug 922500 SUSE bug 936586 SUSE bug 937891 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors. Moderate CVE-2015-0290 SUSE bug 922493 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation. Moderate CVE-2015-0291 SUSE bug 922490 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow. Critical CVE-2015-0292 SUSE bug 919648 SUSE bug 922501 SUSE bug 936586 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. Critical CVE-2015-0293 SUSE bug 919648 SUSE bug 922488 SUSE bug 936586 SUSE bug 968044 SUSE bug 968051 SUSE bug 968053 SUSE bug 986238 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. Moderate CVE-2015-0294 SUSE bug 919938 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. Low CVE-2015-0295 SUSE bug 921999 SUSE bug 927806 SUSE bug 927807 SUSE bug 927808 SUSE bug 936523 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. Low CVE-2015-0296 SUSE bug 920172 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors. Moderate CVE-2015-0301 SUSE bug 913057 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to obtain sensitive keystroke information via unspecified vectors. Moderate CVE-2015-0302 SUSE bug 913057 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0306. Moderate CVE-2015-0303 SUSE bug 913057 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309. Critical CVE-2015-0304 SUSE bug 913057 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." Critical CVE-2015-0305 SUSE bug 913057 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0303. Critical CVE-2015-0306 SUSE bug 913057 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors. Moderate CVE-2015-0307 SUSE bug 913057 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors. Critical CVE-2015-0308 SUSE bug 913057 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304. Critical CVE-2015-0309 SUSE bug 913057 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. Important CVE-2015-0310 SUSE bug 914333 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. Important CVE-2015-0311 SUSE bug 914463 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors. Important CVE-2015-0312 SUSE bug 914463 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. Critical CVE-2015-0313 SUSE bug 915918 SUSE bug 916374 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330. Critical CVE-2015-0314 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0320, and CVE-2015-0322. Critical CVE-2015-0315 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330. Critical CVE-2015-0316 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0319. Critical CVE-2015-0317 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330. Critical CVE-2015-0318 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0317. Critical CVE-2015-0319 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0322. Critical CVE-2015-0320 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0329, and CVE-2015-0330. Critical CVE-2015-0321 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0320. Critical CVE-2015-0322 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0327. Critical CVE-2015-0323 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors. Critical CVE-2015-0324 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0326 and CVE-2015-0328. Critical CVE-2015-0325 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0328. Critical CVE-2015-0326 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0323. Critical CVE-2015-0327 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0326. Critical CVE-2015-0328 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, and CVE-2015-0330. Critical CVE-2015-0329 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, and CVE-2015-0329. Critical CVE-2015-0330 SUSE bug 915918 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333, CVE-2015-0335, and CVE-2015-0339. Important CVE-2015-0332 SUSE bug 922033 SUSE bug 922296 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0335, and CVE-2015-0339. Important CVE-2015-0333 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0336. Important CVE-2015-0334 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0339. Important CVE-2015-0335 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334. Important CVE-2015-0336 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Important CVE-2015-0337 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors. Important CVE-2015-0338 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0335. Important CVE-2015-0339 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions via unspecified vectors. Important CVE-2015-0340 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0342. Important CVE-2015-0341 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0341. Important CVE-2015-0342 SUSE bug 922033 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0359. Moderate CVE-2015-0346 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. Moderate CVE-2015-0347 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2015-0348 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039. Moderate CVE-2015-0349 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. Moderate CVE-2015-0350 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and CVE-2015-3039. Moderate CVE-2015-0351 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. Moderate CVE-2015-0352 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. Moderate CVE-2015-0353 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. Moderate CVE-2015-0354 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. Moderate CVE-2015-0355 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion." Moderate CVE-2015-0356 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3040. Moderate CVE-2015-0357 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039. Moderate CVE-2015-0358 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346. Moderate CVE-2015-0359 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. Moderate CVE-2015-0360 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. Moderate CVE-2015-0374 SUSE bug 914058 SUSE bug 915911 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. Moderate CVE-2015-0381 SUSE bug 914058 SUSE bug 915911 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. Moderate CVE-2015-0382 SUSE bug 914058 SUSE bug 915911 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. Moderate CVE-2015-0383 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth. Moderate CVE-2015-0385 SUSE bug 914058 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Moderate CVE-2015-0391 SUSE bug 914058 SUSE bug 915913 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2015-0395 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Moderate CVE-2015-0400 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Moderate CVE-2015-0403 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA. Important CVE-2015-0405 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. Moderate CVE-2015-0406 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Moderate CVE-2015-0407 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Moderate CVE-2015-0408 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Moderate CVE-2015-0409 SUSE bug 914058 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security. Moderate CVE-2015-0410 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. Moderate CVE-2015-0411 SUSE bug 914058 SUSE bug 915911 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. Moderate CVE-2015-0412 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. Moderate CVE-2015-0413 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process. Moderate CVE-2015-0421 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Important CVE-2015-0423 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. Moderate CVE-2015-0432 SUSE bug 914058 SUSE bug 915911 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Moderate CVE-2015-0433 SUSE bug 927623 SUSE bug 936409 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2015-0437 SUSE bug 914041 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. Important CVE-2015-0438 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756. Important CVE-2015-0439 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption. Moderate CVE-2015-0441 SUSE bug 927623 SUSE bug 936409 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Important CVE-2015-0458 SUSE bug 927591 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. Important CVE-2015-0459 SUSE bug 927591 SUSE bug 932310 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2015-0460 SUSE bug 927591 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Important CVE-2015-0469 SUSE bug 927591 SUSE bug 932310 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. Moderate CVE-2015-0477 SUSE bug 927591 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. Low CVE-2015-0478 SUSE bug 927591 SUSE bug 944456 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. Moderate CVE-2015-0480 SUSE bug 927591 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. Important CVE-2015-0484 SUSE bug 927591 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. Moderate CVE-2015-0488 SUSE bug 927591 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. Important CVE-2015-0491 SUSE bug 927591 SUSE bug 932310 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. Critical CVE-2015-0492 SUSE bug 927591 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication. Important CVE-2015-0498 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. Moderate CVE-2015-0499 SUSE bug 927623 SUSE bug 936408 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. Important CVE-2015-0500 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. Moderate CVE-2015-0501 SUSE bug 927623 SUSE bug 936408 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. Important CVE-2015-0503 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Moderate CVE-2015-0505 SUSE bug 927623 SUSE bug 936408 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508. Important CVE-2015-0506 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. Important CVE-2015-0507 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506. Important CVE-2015-0508 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. Important CVE-2015-0511 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. Moderate CVE-2015-0559 SUSE bug 912365 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-0560 SUSE bug 912365 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. Moderate CVE-2015-0561 SUSE bug 912368 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. Moderate CVE-2015-0562 SUSE bug 912369 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-0563 SUSE bug 912370 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. Moderate CVE-2015-0564 SUSE bug 912372 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. Low CVE-2015-0777 SUSE bug 917830 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. Important CVE-2015-0797 SUSE bug 927559 SUSE bug 930622 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header. Important CVE-2015-0799 SUSE bug 925368 SUSE bug 926166 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808. Moderate CVE-2015-0800 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. Moderate CVE-2015-0801 SUSE bug 925368 SUSE bug 925401 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods. Moderate CVE-2015-0802 SUSE bug 925368 SUSE bug 925402 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document. Important CVE-2015-0803 SUSE bug 925368 SUSE bug 925400 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element. Important CVE-2015-0804 SUSE bug 925368 SUSE bug 925400 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content. Important CVE-2015-0805 SUSE bug 925368 SUSE bug 925399 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors that trigger rendering of 2D graphics content. Important CVE-2015-0806 SUSE bug 925368 SUSE bug 925399 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638. Moderate CVE-2015-0807 SUSE bug 913068 SUSE bug 925368 SUSE bug 925398 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors. Moderate CVE-2015-0808 SUSE bug 925368 SUSE bug 925397 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element. Moderate CVE-2015-0810 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation. Moderate CVE-2015-0811 SUSE bug 925368 SUSE bug 925396 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain. Moderate CVE-2015-0812 SUSE bug 925368 SUSE bug 925394 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file. Moderate CVE-2015-0813 SUSE bug 925368 SUSE bug 925393 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2015-0814 SUSE bug 925368 SUSE bug 925392 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js. Moderate CVE-2015-0816 SUSE bug 925368 SUSE bug 925395 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. Moderate CVE-2015-0817 SUSE bug 923495 SUSE bug 923534 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. Moderate CVE-2015-0818 SUSE bug 923495 SUSE bug 923534 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. Important CVE-2015-0822 SUSE bug 910669 SUSE bug 917597 SUSE bug 923534 SUSE bug 924515 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. Important CVE-2015-0827 SUSE bug 910669 SUSE bug 917597 SUSE bug 923534 SUSE bug 924515 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. Important CVE-2015-0831 SUSE bug 910669 SUSE bug 917597 SUSE bug 923534 SUSE bug 924515 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2015-0836 SUSE bug 910669 SUSE bug 917597 SUSE bug 923534 SUSE bug 924515 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." Moderate CVE-2015-0837 SUSE bug 920057 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image. Moderate CVE-2015-0848 SUSE bug 933109 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. Moderate CVE-2015-1196 SUSE bug 913678 SUSE bug 915329 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. Moderate CVE-2015-1197 SUSE bug 1077990 SUSE bug 913677 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). Moderate CVE-2015-1322 SUSE bug 928972 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. Important CVE-2015-1328 SUSE bug 934950 SUSE bug 935081 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. Moderate CVE-2015-1331 SUSE bug 938522 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. Moderate CVE-2015-1333 SUSE bug 1126909 SUSE bug 1185451 SUSE bug 938645 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label. Moderate CVE-2015-1334 SUSE bug 938523 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. Moderate CVE-2015-1335 SUSE bug 946744 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times. Moderate CVE-2015-1339 SUSE bug 969356 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. Moderate CVE-2015-1341 SUSE bug 952246 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. Moderate CVE-2015-1345 SUSE bug 914695 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. Low CVE-2015-1349 SUSE bug 918330 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. Low CVE-2015-1396 SUSE bug 915329 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function. Moderate CVE-2015-1420 SUSE bug 915517 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. Moderate CVE-2015-1421 SUSE bug 915577 SUSE bug 922004 SUSE bug 939261 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." Important CVE-2015-1461 SUSE bug 1040662 SUSE bug 916217 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." Important CVE-2015-1462 SUSE bug 1040662 SUSE bug 916214 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." Moderate CVE-2015-1463 SUSE bug 1040662 SUSE bug 916215 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. Moderate CVE-2015-1472 SUSE bug 916222 SUSE bug 920341 SUSE bug 922243 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. Moderate CVE-2015-1545 SUSE bug 846389 SUSE bug 916897 SUSE bug 916914 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. Moderate CVE-2015-1546 SUSE bug 916914 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. Low CVE-2015-1572 SUSE bug 1123790 SUSE bug 915402 SUSE bug 918346 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability. Low CVE-2015-1573 SUSE bug 917274 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. Moderate CVE-2015-1593 SUSE bug 1044934 SUSE bug 917839 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file. Low CVE-2015-1606 SUSE bug 918089 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." Low CVE-2015-1607 SUSE bug 918090 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. Moderate CVE-2015-1779 SUSE bug 924018 SUSE bug 962632 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. Moderate CVE-2015-1781 SUSE bug 927080 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. Important CVE-2015-1782 SUSE bug 921070 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. Moderate CVE-2015-1787 SUSE bug 922503 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. Moderate CVE-2015-1788 SUSE bug 934487 SUSE bug 936586 SUSE bug 937891 SUSE bug 938432 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. Moderate CVE-2015-1789 SUSE bug 934489 SUSE bug 936586 SUSE bug 937891 SUSE bug 938432 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. Moderate CVE-2015-1790 SUSE bug 934491 SUSE bug 936586 SUSE bug 938432 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. Moderate CVE-2015-1791 SUSE bug 933911 SUSE bug 986238 SUSE bug 989464 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. Moderate CVE-2015-1792 SUSE bug 934493 SUSE bug 937891 SUSE bug 986238 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. Moderate CVE-2015-1793 SUSE bug 936746 SUSE bug 937637 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. Important CVE-2015-1799 SUSE bug 924202 SUSE bug 927497 SUSE bug 928321 SUSE bug 936327 SUSE bug 943565 SUSE bug 957163 SUSE bug 959243 SUSE bug 962624 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. Moderate CVE-2015-1802 SUSE bug 921978 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. Moderate CVE-2015-1803 SUSE bug 921978 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. Moderate CVE-2015-1804 SUSE bug 921978 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." Moderate CVE-2015-1805 SUSE bug 917839 SUSE bug 933429 SUSE bug 939270 SUSE bug 964730 SUSE bug 964732 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Moderate CVE-2015-1819 SUSE bug 1123919 SUSE bug 928193 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. Moderate CVE-2015-1858 SUSE bug 921999 SUSE bug 927806 SUSE bug 927807 SUSE bug 927808 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. Moderate CVE-2015-1859 SUSE bug 921999 SUSE bug 927806 SUSE bug 927807 SUSE bug 927808 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. Moderate CVE-2015-1860 SUSE bug 921999 SUSE bug 927806 SUSE bug 927807 SUSE bug 927808 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. Moderate CVE-2015-1863 SUSE bug 915323 SUSE bug 927558 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 fts.c in coreutils 8.4 allows local users to delete arbitrary files. Low CVE-2015-1865 SUSE bug 927949 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. Low CVE-2015-1877 SUSE bug 918836 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. Moderate CVE-2015-2041 SUSE bug 903967 SUSE bug 919007 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. Moderate CVE-2015-2042 SUSE bug 903967 SUSE bug 919018 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size. Moderate CVE-2015-2044 SUSE bug 918995 SUSE bug 918998 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. Moderate CVE-2015-2045 SUSE bug 918998 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. Moderate CVE-2015-2150 SUSE bug 800280 SUSE bug 903967 SUSE bug 919463 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. Moderate CVE-2015-2151 SUSE bug 918998 SUSE bug 919464 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). Moderate CVE-2015-2153 SUSE bug 922221 SUSE bug 922222 SUSE bug 922223 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. Moderate CVE-2015-2154 SUSE bug 922222 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Moderate CVE-2015-2155 SUSE bug 922220 SUSE bug 922221 SUSE bug 922222 SUSE bug 922223 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Moderate CVE-2015-2170 SUSE bug 1040662 SUSE bug 921950 SUSE bug 922560 SUSE bug 929192 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. Moderate CVE-2015-2187 SUSE bug 920695 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. Moderate CVE-2015-2188 SUSE bug 920696 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. Moderate CVE-2015-2189 SUSE bug 920697 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. Moderate CVE-2015-2190 SUSE bug 920698 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. Moderate CVE-2015-2191 SUSE bug 920699 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. Moderate CVE-2015-2192 SUSE bug 920700 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. Moderate CVE-2015-2221 SUSE bug 1040662 SUSE bug 921950 SUSE bug 922560 SUSE bug 929192 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. Moderate CVE-2015-2222 SUSE bug 1040662 SUSE bug 921950 SUSE bug 922560 SUSE bug 929192 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. Moderate CVE-2015-2305 SUSE bug 1040662 SUSE bug 921950 SUSE bug 922022 SUSE bug 922028 SUSE bug 922030 SUSE bug 922043 SUSE bug 922560 SUSE bug 922567 SUSE bug 929192 SUSE bug 980366 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. Moderate CVE-2015-2318 SUSE bug 921312 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. Moderate CVE-2015-2319 SUSE bug 921312 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. Moderate CVE-2015-2320 SUSE bug 921312 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. Moderate CVE-2015-2325 SUSE bug 924960 SUSE bug 933288 SUSE bug 936408 SUSE bug 958373 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". Moderate CVE-2015-2326 SUSE bug 924960 SUSE bug 924961 SUSE bug 933288 SUSE bug 936408 SUSE bug 958373 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-2327 SUSE bug 906574 SUSE bug 957567 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-2328 SUSE bug 906574 SUSE bug 957600 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. Moderate CVE-2015-2331 SUSE bug 922894 SUSE bug 923240 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. Important CVE-2015-2566 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. Important CVE-2015-2567 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. Moderate CVE-2015-2568 SUSE bug 927623 SUSE bug 936409 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Moderate CVE-2015-2571 SUSE bug 927623 SUSE bug 936408 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Moderate CVE-2015-2573 SUSE bug 927623 SUSE bug 936409 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. Important CVE-2015-2576 SUSE bug 927623 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Moderate CVE-2015-2582 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732. Important CVE-2015-2590 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 7u80 allows remote attackers to affect integrity via unknown vectors related to Hotspot. Important CVE-2015-2596 SUSE bug 937828 SUSE bug 938248 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install. Important CVE-2015-2597 SUSE bug 937828 SUSE bug 938248 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. Important CVE-2015-2601 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2015-2611 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. Important CVE-2015-2613 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 SUSE bug 951727 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition. Important CVE-2015-2617 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Important CVE-2015-2619 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges. Low CVE-2015-2620 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX. Important CVE-2015-2621 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. Important CVE-2015-2625 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation. Important CVE-2015-2627 SUSE bug 937828 SUSE bug 938248 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. Important CVE-2015-2628 SUSE bug 937828 SUSE bug 938248 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Important CVE-2015-2632 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Important CVE-2015-2637 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Important CVE-2015-2638 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall. Moderate CVE-2015-2639 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. Moderate CVE-2015-2641 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Moderate CVE-2015-2643 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2015-2648 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client. Moderate CVE-2015-2661 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Important CVE-2015-2664 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. Moderate CVE-2015-2668 SUSE bug 1040662 SUSE bug 921950 SUSE bug 922560 SUSE bug 929192 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. Moderate CVE-2015-2672 SUSE bug 921027 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. Important CVE-2015-2686 SUSE bug 923924 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. Moderate CVE-2015-2694 SUSE bug 928978 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. Important CVE-2015-2695 SUSE bug 770172 SUSE bug 952188 SUSE bug 969771 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. Important CVE-2015-2696 SUSE bug 770172 SUSE bug 952189 SUSE bug 954204 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. Moderate CVE-2015-2697 SUSE bug 770172 SUSE bug 952190 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696. Moderate CVE-2015-2698 SUSE bug 770172 SUSE bug 954204 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization. Moderate CVE-2015-2706 SUSE bug 928116 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-2708 SUSE bug 930622 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-2709 SUSE bug 930622 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence. Critical CVE-2015-2710 SUSE bug 930622 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. Critical CVE-2015-2713 SUSE bug 930622 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. Critical CVE-2015-2716 SUSE bug 930622 SUSE bug 939077 SUSE bug 980391 SUSE bug 983985 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. Moderate CVE-2015-2721 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker. Moderate CVE-2015-2722 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2015-2724 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2015-2725 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2015-2726 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue. Moderate CVE-2015-2728 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. Moderate CVE-2015-2730 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker. Moderate CVE-2015-2733 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. Moderate CVE-2015-2734 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. Moderate CVE-2015-2735 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. Moderate CVE-2015-2736 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. Moderate CVE-2015-2737 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. Moderate CVE-2015-2738 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors. Moderate CVE-2015-2739 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors. Moderate CVE-2015-2740 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass. Moderate CVE-2015-2743 SUSE bug 935979 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. Low CVE-2015-2751 SUSE bug 922709 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. Moderate CVE-2015-2756 SUSE bug 922706 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. Moderate CVE-2015-2806 SUSE bug 924828 SUSE bug 929414 SUSE bug 961491 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. Important CVE-2015-2808 SUSE bug 925378 SUSE bug 938248 SUSE bug 938895 SUSE bug 952088 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. Moderate CVE-2015-2830 SUSE bug 903967 SUSE bug 926240 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. Moderate CVE-2015-2922 SUSE bug 903967 SUSE bug 922583 SUSE bug 926223 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922. Moderate CVE-2015-2924 SUSE bug 926223 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack." Moderate CVE-2015-2925 SUSE bug 926238 SUSE bug 951625 SUSE bug 951638 SUSE bug 963994 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. Moderate CVE-2015-3038 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358. Moderate CVE-2015-3039 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357. Moderate CVE-2015-3040 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043. Moderate CVE-2015-3041 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043. Moderate CVE-2015-3042 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042. Moderate CVE-2015-3043 SUSE bug 927089 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Moderate CVE-2015-3044 SUSE bug 927089 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3084 and CVE-2015-3086. Moderate CVE-2015-3077 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3089, CVE-2015-3090, and CVE-2015-3093. Moderate CVE-2015-3078 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Moderate CVE-2015-3079 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2015-3080 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to bypass the Internet Explorer Protected Mode protection mechanism via unspecified vectors. Moderate CVE-2015-3081 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3083 and CVE-2015-3085. Moderate CVE-2015-3082 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3085. Moderate CVE-2015-3083 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3077 and CVE-2015-3086. Moderate CVE-2015-3084 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3083. Moderate CVE-2015-3085 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3077 and CVE-2015-3084. Moderate CVE-2015-3086 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2015-3087 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2015-3088 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3090, and CVE-2015-3093. Moderate CVE-2015-3089 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093. Moderate CVE-2015-3090 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3092. Moderate CVE-2015-3091 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3091. Moderate CVE-2015-3092 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3090. Moderate CVE-2015-3093 SUSE bug 930677 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass a CVE-2014-5333 protection mechanism via unspecified vectors. Important CVE-2015-3096 SUSE bug 934088 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3099 and CVE-2015-3102. Important CVE-2015-3098 SUSE bug 934088 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3102. Important CVE-2015-3099 SUSE bug 934088 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. Important CVE-2015-3100 SUSE bug 934088 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3099. Important CVE-2015-3102 SUSE bug 934088 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3106 and CVE-2015-3107. Important CVE-2015-3103 SUSE bug 934088 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107. Important CVE-2015-3106 SUSE bug 934088 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106. Important CVE-2015-3107 SUSE bug 934088 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. Important CVE-2015-3108 SUSE bug 934088 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. Important CVE-2015-3113 SUSE bug 935701 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Critical CVE-2015-3114 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116. Critical CVE-2015-3115 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3125, and CVE-2015-5116. Critical CVE-2015-3116 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431. Critical CVE-2015-3117 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117. Critical CVE-2015-3118 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, and CVE-2015-4433. Critical CVE-2015-3119 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3119, CVE-2015-3121, CVE-2015-3122, and CVE-2015-4433. Critical CVE-2015-3120 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3119, CVE-2015-3120, CVE-2015-3122, and CVE-2015-4433. Critical CVE-2015-3121 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, and CVE-2015-4433. Critical CVE-2015-3122 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431. Critical CVE-2015-3123 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117. Critical CVE-2015-3124 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-5116. Critical CVE-2015-3125 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-4429. Critical CVE-2015-3126 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117. Critical CVE-2015-3127 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117. Critical CVE-2015-3128 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117. Critical CVE-2015-3129 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431. Critical CVE-2015-3130 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117. Critical CVE-2015-3131 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117. Critical CVE-2015-3132 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3134, and CVE-2015-4431. Critical CVE-2015-3133 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, and CVE-2015-4431. Critical CVE-2015-3134 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4432 and CVE-2015-5118. Critical CVE-2015-3135 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117. Critical CVE-2015-3136 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117. Critical CVE-2015-3137 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). Low CVE-2015-3138 SUSE bug 927637 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. Moderate CVE-2015-3143 SUSE bug 927556 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." Moderate CVE-2015-3144 SUSE bug 927608 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. Moderate CVE-2015-3145 SUSE bug 927607 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. Moderate CVE-2015-3146 SUSE bug 928323 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Moderate CVE-2015-3148 SUSE bug 1092962 SUSE bug 927746 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. Moderate CVE-2015-3152 SUSE bug 1037590 SUSE bug 1047059 SUSE bug 1088681 SUSE bug 924663 SUSE bug 928962 SUSE bug 936407 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. Moderate CVE-2015-3153 SUSE bug 928533 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. Moderate CVE-2015-3165 SUSE bug 931972 SUSE bug 931973 SUSE bug 931974 SUSE bug 932040 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. Moderate CVE-2015-3166 SUSE bug 931972 SUSE bug 931973 SUSE bug 931974 SUSE bug 932040 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. Moderate CVE-2015-3167 SUSE bug 931972 SUSE bug 931973 SUSE bug 931974 SUSE bug 932040 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. Moderate CVE-2015-3193 SUSE bug 1022086 SUSE bug 1066242 SUSE bug 1071906 SUSE bug 957814 SUSE bug 960151 SUSE bug 990370 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. Moderate CVE-2015-3194 SUSE bug 957812 SUSE bug 957815 SUSE bug 958768 SUSE bug 976341 SUSE bug 990370 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. Moderate CVE-2015-3195 SUSE bug 923755 SUSE bug 957812 SUSE bug 957815 SUSE bug 958768 SUSE bug 963977 SUSE bug 986238 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. Moderate CVE-2015-3196 SUSE bug 957813 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. Low CVE-2015-3197 SUSE bug 963410 SUSE bug 963415 SUSE bug 968044 SUSE bug 968046 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. Moderate CVE-2015-3202 SUSE bug 931452 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Important CVE-2015-3209 SUSE bug 932267 SUSE bug 932770 SUSE bug 932823 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384. Low CVE-2015-3210 SUSE bug 933288 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures. Moderate CVE-2015-3213 SUSE bug 933927 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. Moderate CVE-2015-3214 SUSE bug 934069 SUSE bug 936025 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field. Moderate CVE-2015-3216 SUSE bug 933898 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets. Important CVE-2015-3223 SUSE bug 958581 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors. Moderate CVE-2015-3236 SUSE bug 934501 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. Moderate CVE-2015-3237 SUSE bug 934502 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. Moderate CVE-2015-3255 SUSE bug 939246 SUSE bug 943816 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument. Moderate CVE-2015-3259 SUSE bug 935634 SUSE bug 936281 SUSE bug 937018 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. Moderate CVE-2015-3276 SUSE bug 938567 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring. Moderate CVE-2015-3277 SUSE bug 938567 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors. Moderate CVE-2015-3278 SUSE bug 938571 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. Moderate CVE-2015-3294 SUSE bug 923144 SUSE bug 928867 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. Moderate CVE-2015-3308 SUSE bug 927411 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. Important CVE-2015-3331 SUSE bug 927257 SUSE bug 931231 SUSE bug 939262 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. Moderate CVE-2015-3339 SUSE bug 903967 SUSE bug 928130 SUSE bug 939263 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. Moderate CVE-2015-3405 SUSE bug 924202 SUSE bug 928321 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. Moderate CVE-2015-3414 SUSE bug 1085790 SUSE bug 1190372 SUSE bug 1193078 SUSE bug 928700 SUSE bug 928701 SUSE bug 928702 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. Moderate CVE-2015-3415 SUSE bug 1190372 SUSE bug 928700 SUSE bug 928701 SUSE bug 928702 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. Moderate CVE-2015-3416 SUSE bug 1190372 SUSE bug 928700 SUSE bug 928701 SUSE bug 928702 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. Moderate CVE-2015-3418 SUSE bug 928520 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. Low CVE-2015-3451 SUSE bug 929237 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. Moderate CVE-2015-3456 SUSE bug 929339 SUSE bug 932770 SUSE bug 935900 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. Low CVE-2015-3622 SUSE bug 929414 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. Moderate CVE-2015-3636 SUSE bug 929525 SUSE bug 939277 SUSE bug 994624 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Moderate CVE-2015-3659 SUSE bug 936835 SUSE bug 936836 SUSE bug 971460 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Moderate CVE-2015-3717 SUSE bug 936836 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. Moderate CVE-2015-3811 SUSE bug 930689 SUSE bug 930691 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. Moderate CVE-2015-3812 SUSE bug 930689 SUSE bug 930691 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. Moderate CVE-2015-3813 SUSE bug 930689 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Moderate CVE-2015-3814 SUSE bug 930689 SUSE bug 930691 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. Moderate CVE-2015-3885 SUSE bug 930683 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." Important CVE-2015-3900 SUSE bug 936032 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. Moderate CVE-2015-3991 SUSE bug 931272 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. Important CVE-2015-4000 SUSE bug 1074631 SUSE bug 931600 SUSE bug 931698 SUSE bug 931723 SUSE bug 931845 SUSE bug 932026 SUSE bug 932483 SUSE bug 934789 SUSE bug 935033 SUSE bug 935540 SUSE bug 935979 SUSE bug 937202 SUSE bug 937766 SUSE bug 938248 SUSE bug 938432 SUSE bug 938895 SUSE bug 938905 SUSE bug 938906 SUSE bug 938913 SUSE bug 938945 SUSE bug 943664 SUSE bug 944729 SUSE bug 945582 SUSE bug 955589 SUSE bug 980406 SUSE bug 990592 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. Critical CVE-2015-4001 SUSE bug 933934 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. Critical CVE-2015-4002 SUSE bug 933934 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet. Important CVE-2015-4003 SUSE bug 933934 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. Important CVE-2015-4004 SUSE bug 933934 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900. Important CVE-2015-4020 SUSE bug 936032 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. Moderate CVE-2015-4035 SUSE bug 931678 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. Moderate CVE-2015-4037 SUSE bug 932267 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields. Moderate CVE-2015-4103 SUSE bug 931625 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. Moderate CVE-2015-4104 SUSE bug 931626 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations. Moderate CVE-2015-4105 SUSE bug 931627 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. Moderate CVE-2015-4106 SUSE bug 931628 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. Moderate CVE-2015-4141 SUSE bug 915323 SUSE bug 930077 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. Moderate CVE-2015-4142 SUSE bug 915323 SUSE bug 930078 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. Moderate CVE-2015-4143 SUSE bug 930079 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message. Moderate CVE-2015-4144 SUSE bug 930079 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message. Moderate CVE-2015-4145 SUSE bug 930079 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message. Moderate CVE-2015-4146 SUSE bug 930079 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version. Moderate CVE-2015-4163 SUSE bug 932790 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set. Moderate CVE-2015-4164 SUSE bug 932996 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem. Moderate CVE-2015-4167 SUSE bug 917839 SUSE bug 933907 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses. Low CVE-2015-4171 SUSE bug 931845 SUSE bug 933591 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. Moderate CVE-2015-4176 SUSE bug 933971 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call. Moderate CVE-2015-4177 SUSE bug 933969 SUSE bug 933970 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h. Moderate CVE-2015-4178 SUSE bug 933969 SUSE bug 933970 SUSE bug 933971 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4430, and CVE-2015-5117. Critical CVE-2015-4428 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-3126. Critical CVE-2015-4429 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, and CVE-2015-5117. Critical CVE-2015-4430 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, and CVE-2015-3134. Critical CVE-2015-4431 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3135 and CVE-2015-5118. Critical CVE-2015-4432 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, and CVE-2015-3122. Critical CVE-2015-4433 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file. Moderate CVE-2015-4467 SUSE bug 934524 SUSE bug 934525 SUSE bug 934529 SUSE bug 934533 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file. Moderate CVE-2015-4469 SUSE bug 934524 SUSE bug 934526 SUSE bug 934529 SUSE bug 934533 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive. Moderate CVE-2015-4470 SUSE bug 934527 SUSE bug 934533 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive. Moderate CVE-2015-4471 SUSE bug 934528 SUSE bug 934533 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file. Moderate CVE-2015-4472 SUSE bug 934525 SUSE bug 934529 SUSE bug 934533 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2015-4473 SUSE bug 940806 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-4474 SUSE bug 940806 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. Important CVE-2015-4475 SUSE bug 940806 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method. Important CVE-2015-4478 SUSE bug 940806 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data. Important CVE-2015-4479 SUSE bug 940806 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object. Important CVE-2015-4484 SUSE bug 940806 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. Important CVE-2015-4485 SUSE bug 940806 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data. Important CVE-2015-4486 SUSE bug 940806 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." Important CVE-2015-4487 SUSE bug 940806 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment. Important CVE-2015-4488 SUSE bug 940806 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment. Important CVE-2015-4489 SUSE bug 940806 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. Moderate CVE-2015-4491 SUSE bug 940806 SUSE bug 942801 SUSE bug 948790 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object. Important CVE-2015-4492 SUSE bug 940806 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. Moderate CVE-2015-4495 SUSE bug 940806 SUSE bug 940918 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-4500 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-4501 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file. Moderate CVE-2015-4506 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176. Critical CVE-2015-4509 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video. Important CVE-2015-4511 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2015-4513 SUSE bug 952810 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Important CVE-2015-4517 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element. Moderate CVE-2015-4519 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header. Important CVE-2015-4520 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Important CVE-2015-4521 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." Important CVE-2015-4522 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer. Moderate CVE-2015-4551 SUSE bug 893141 SUSE bug 934423 SUSE bug 936188 SUSE bug 936190 SUSE bug 940838 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file. Moderate CVE-2015-4588 SUSE bug 933109 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone. Moderate CVE-2015-4620 SUSE bug 936476 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. Low CVE-2015-4652 SUSE bug 935158 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file. Moderate CVE-2015-4695 SUSE bug 936058 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command. Moderate CVE-2015-4696 SUSE bug 936062 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. Moderate CVE-2015-4700 SUSE bug 935705 SUSE bug 939273 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path. Moderate CVE-2015-4706 SUSE bug 935908 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path. Moderate CVE-2015-4707 SUSE bug 935908 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment. Important CVE-2015-4729 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types. Moderate CVE-2015-4730 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Important CVE-2015-4731 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590. Important CVE-2015-4732 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Important CVE-2015-4733 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. Moderate CVE-2015-4734 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Important CVE-2015-4736 SUSE bug 937828 SUSE bug 938248 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth. Low CVE-2015-4737 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. Important CVE-2015-4748 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI. Important CVE-2015-4749 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. Moderate CVE-2015-4752 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439. Moderate CVE-2015-4756 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Moderate CVE-2015-4757 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Important CVE-2015-4760 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. Moderate CVE-2015-4761 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. Moderate CVE-2015-4766 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769. Moderate CVE-2015-4767 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767. Moderate CVE-2015-4769 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR. Moderate CVE-2015-4771 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. Moderate CVE-2015-4772 SUSE bug 938412 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. Moderate CVE-2015-4792 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Moderate CVE-2015-4800 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. Moderate CVE-2015-4802 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. Moderate CVE-2015-4803 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. Moderate CVE-2015-4805 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. Moderate CVE-2015-4806 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. Moderate CVE-2015-4815 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Moderate CVE-2015-4816 SUSE bug 951391 SUSE bug 958790 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. Moderate CVE-2015-4819 SUSE bug 951391 SUSE bug 958790 SUSE bug 969667 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. Moderate CVE-2015-4826 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. Moderate CVE-2015-4830 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. Moderate CVE-2015-4833 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881. Moderate CVE-2015-4835 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. Moderate CVE-2015-4836 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D. Moderate CVE-2015-4840 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP. Moderate CVE-2015-4842 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2015-4843 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Moderate CVE-2015-4844 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. Moderate CVE-2015-4858 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883. Moderate CVE-2015-4860 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Moderate CVE-2015-4861 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2015-4862 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. Moderate CVE-2015-4864 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Moderate CVE-2015-4866 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. Moderate CVE-2015-4870 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. Moderate CVE-2015-4871 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. Moderate CVE-2015-4872 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. Moderate CVE-2015-4879 SUSE bug 951391 SUSE bug 958790 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835. Critical CVE-2015-4881 SUSE bug 951376 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA. Moderate CVE-2015-4882 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860. Moderate CVE-2015-4883 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. Moderate CVE-2015-4890 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. Moderate CVE-2015-4893 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Moderate CVE-2015-4895 SUSE bug 951391 SUSE bug 958790 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI. Moderate CVE-2015-4903 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. Moderate CVE-2015-4904 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. Moderate CVE-2015-4905 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. Moderate CVE-2015-4910 SUSE bug 951391 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893. Moderate CVE-2015-4911 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. Moderate CVE-2015-4913 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-3125. Critical CVE-2015-5116 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, and CVE-2015-4430. Critical CVE-2015-5117 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3135 and CVE-2015-4432. Critical CVE-2015-5118 SUSE bug 937339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. Critical CVE-2015-5119 SUSE bug 937339 SUSE bug 937752 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. Important CVE-2015-5122 SUSE bug 937752 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. Important CVE-2015-5123 SUSE bug 937752 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431. Critical CVE-2015-5124 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors. Moderate CVE-2015-5125 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5127 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2015-5128 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5541. Moderate CVE-2015-5129 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5130 SUSE bug 941239 SUSE bug 952254 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5132 and CVE-2015-5133. Moderate CVE-2015-5131 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5131 and CVE-2015-5133. Moderate CVE-2015-5132 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5131 and CVE-2015-5132. Moderate CVE-2015-5133 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5134 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. Low CVE-2015-5146 SUSE bug 936690 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. Moderate CVE-2015-5154 SUSE bug 938344 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. Important CVE-2015-5157 SUSE bug 937969 SUSE bug 937970 SUSE bug 938706 SUSE bug 939207 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block. Moderate CVE-2015-5158 SUSE bug 939254 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Moderate CVE-2015-5165 SUSE bug 939712 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. Moderate CVE-2015-5166 SUSE bug 939709 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet. Moderate CVE-2015-5185 SUSE bug 942628 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Audit before 2.4.4 in Linux does not sanitize escape characters in filenames. Moderate CVE-2015-5186 SUSE bug 941922 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable. Moderate CVE-2015-5198 SUSE bug 943967 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable. Moderate CVE-2015-5199 SUSE bug 943968 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors. Moderate CVE-2015-5200 SUSE bug 943969 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document. Moderate CVE-2015-5212 SUSE bug 934423 SUSE bug 936188 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow. Moderate CVE-2015-5213 SUSE bug 934423 SUSE bug 936190 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file. Moderate CVE-2015-5214 SUSE bug 934423 SUSE bug 940838 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. Moderate CVE-2015-5224 SUSE bug 943012 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks. Moderate CVE-2015-5234 SUSE bug 944209 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. Moderate CVE-2015-5235 SUSE bug 944208 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. Moderate CVE-2015-5239 SUSE bug 944463 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name. Moderate CVE-2015-5245 SUSE bug 945206 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. Moderate CVE-2015-5247 SUSE bug 945645 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. Moderate CVE-2015-5252 SUSE bug 958582 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. Low CVE-2015-5276 SUSE bug 945842 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. Moderate CVE-2015-5278 SUSE bug 945989 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished. Moderate CVE-2015-5283 SUSE bug 947155 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. Moderate CVE-2015-5288 SUSE bug 949669 SUSE bug 949670 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. Moderate CVE-2015-5289 SUSE bug 949669 SUSE bug 949670 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication. Low CVE-2015-5292 SUSE bug 948819 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. Moderate CVE-2015-5296 SUSE bug 1058622 SUSE bug 958584 SUSE bug 973031 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. Moderate CVE-2015-5299 SUSE bug 958583 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. Moderate CVE-2015-5307 SUSE bug 953527 SUSE bug 954018 SUSE bug 954404 SUSE bug 954405 SUSE bug 962977 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response. Moderate CVE-2015-5310 SUSE bug 952254 SUSE bug 953115 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. Moderate CVE-2015-5312 SUSE bug 1123919 SUSE bug 957105 SUSE bug 959469 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. Moderate CVE-2015-5313 SUSE bug 953110 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value. Moderate CVE-2015-5330 SUSE bug 958581 SUSE bug 958586 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. Moderate CVE-2015-5352 SUSE bug 1074631 SUSE bug 1138392 SUSE bug 936695 SUSE bug 938277 SUSE bug 948086 SUSE bug 996040 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood. Moderate CVE-2015-5364 SUSE bug 781018 SUSE bug 936831 SUSE bug 939276 SUSE bug 945112 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364. Moderate CVE-2015-5366 SUSE bug 781018 SUSE bug 936831 SUSE bug 939276 SUSE bug 945112 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors. Important CVE-2015-5370 SUSE bug 936862 SUSE bug 975276 SUSE bug 977416 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. Moderate CVE-2015-5477 SUSE bug 1000362 SUSE bug 939567 SUSE bug 980168 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. Moderate CVE-2015-5522 SUSE bug 933588 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. Moderate CVE-2015-5523 SUSE bug 933588 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5539 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5540 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5129. Moderate CVE-2015-5541 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553. Moderate CVE-2015-5544 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553. Moderate CVE-2015-5545 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553. Moderate CVE-2015-5546 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553. Moderate CVE-2015-5547 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553. Moderate CVE-2015-5548 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5552, and CVE-2015-5553. Moderate CVE-2015-5549 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5550 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5551 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, and CVE-2015-5553. Moderate CVE-2015-5552 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, and CVE-2015-5552. Moderate CVE-2015-5553 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-5555, CVE-2015-5558, and CVE-2015-5562. Moderate CVE-2015-5554 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-5554, CVE-2015-5558, and CVE-2015-5562. Moderate CVE-2015-5555 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5556 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5557 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-5554, CVE-2015-5555, and CVE-2015-5562. Moderate CVE-2015-5558 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5559 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2015-5560 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5561 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-5554, CVE-2015-5555, and CVE-2015-5558. Moderate CVE-2015-5562 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5563 SUSE bug 941239 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5579. Moderate CVE-2015-5567 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors. Moderate CVE-2015-5568 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 improperly implement the Flash broker API, which has unspecified impact and attack vectors. Moderate CVE-2015-5569 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682. Moderate CVE-2015-5570 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333. Moderate CVE-2015-5571 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Moderate CVE-2015-5572 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." Moderate CVE-2015-5573 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682. Moderate CVE-2015-5574 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677. Moderate CVE-2015-5575 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. Moderate CVE-2015-5576 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677. Moderate CVE-2015-5577 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677. Moderate CVE-2015-5578 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5567. Moderate CVE-2015-5579 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677. Moderate CVE-2015-5580 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5584, and CVE-2015-6682. Moderate CVE-2015-5581 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5588, and CVE-2015-6677. Moderate CVE-2015-5582 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-6682. Moderate CVE-2015-5584 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Stack-based buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2015-5587 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-6677. Moderate CVE-2015-5588 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. Moderate CVE-2015-5600 SUSE bug 1009988 SUSE bug 1074631 SUSE bug 1138392 SUSE bug 938746 SUSE bug 943006 SUSE bug 943007 SUSE bug 943010 SUSE bug 943504 SUSE bug 945985 SUSE bug 948086 SUSE bug 954457 SUSE bug 957883 SUSE bug 996040 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. Moderate CVE-2015-5621 SUSE bug 1111123 SUSE bug 940188 SUSE bug 969779 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. Important CVE-2015-5706 SUSE bug 940339 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. Moderate CVE-2015-5707 SUSE bug 923755 SUSE bug 940338 SUSE bug 940342 SUSE bug 963994 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. Important CVE-2015-5722 SUSE bug 944066 SUSE bug 944107 SUSE bug 954983 SUSE bug 958861 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. Low CVE-2015-5745 SUSE bug 940929 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-6241 SUSE bug 941500 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. Moderate CVE-2015-6242 SUSE bug 941500 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. Moderate CVE-2015-6243 SUSE bug 941500 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-6244 SUSE bug 941500 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Moderate CVE-2015-6245 SUSE bug 941500 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-6246 SUSE bug 941500 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Moderate CVE-2015-6247 SUSE bug 941500 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-6248 SUSE bug 941500 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-6249 SUSE bug 941500 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation. Low CVE-2015-6252 SUSE bug 942367 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace. Moderate CVE-2015-6526 SUSE bug 942702 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. Moderate CVE-2015-6563 SUSE bug 1074631 SUSE bug 943006 SUSE bug 943007 SUSE bug 943010 SUSE bug 948086 SUSE bug 996040 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. Moderate CVE-2015-6564 SUSE bug 1074631 SUSE bug 1138392 SUSE bug 942850 SUSE bug 943006 SUSE bug 943007 SUSE bug 943010 SUSE bug 948086 SUSE bug 996040 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest. Moderate CVE-2015-6654 SUSE bug 942657 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6678. Moderate CVE-2015-6676 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-5588. Moderate CVE-2015-6677 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676. Moderate CVE-2015-6678 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. Moderate CVE-2015-6679 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-5584. Moderate CVE-2015-6682 SUSE bug 946880 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file. Moderate CVE-2015-6749 SUSE bug 943795 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. Low CVE-2015-6815 SUSE bug 944697 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. Low CVE-2015-6855 SUSE bug 945404 SUSE bug 965156 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. Important CVE-2015-6908 SUSE bug 945582 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. Moderate CVE-2015-6937 SUSE bug 923755 SUSE bug 945825 SUSE bug 952384 SUSE bug 953052 SUSE bug 963994 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." Important CVE-2015-7174 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." Important CVE-2015-7175 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors. Important CVE-2015-7176 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Important CVE-2015-7177 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Important CVE-2015-7180 SUSE bug 947003 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. Important CVE-2015-7181 SUSE bug 952810 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. Important CVE-2015-7182 SUSE bug 952810 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Important CVE-2015-7183 SUSE bug 952810 SUSE bug 962977 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Moderate CVE-2015-7184 SUSE bug 950686 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string. Important CVE-2015-7188 SUSE bug 952810 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code. Important CVE-2015-7189 SUSE bug 952810 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. Important CVE-2015-7193 SUSE bug 952810 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. Important CVE-2015-7194 SUSE bug 952810 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. Important CVE-2015-7196 SUSE bug 952810 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. Important CVE-2015-7197 SUSE bug 952810 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data. Important CVE-2015-7198 SUSE bug 952810 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document. Important CVE-2015-7199 SUSE bug 952810 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. Important CVE-2015-7200 SUSE bug 952810 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-7201 SUSE bug 959277 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-7202 SUSE bug 959277 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. Important CVE-2015-7205 SUSE bug 959277 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. Critical CVE-2015-7210 SUSE bug 959277 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. Moderate CVE-2015-7212 SUSE bug 959277 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. Important CVE-2015-7213 SUSE bug 959277 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. Important CVE-2015-7214 SUSE bug 959277 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. Important CVE-2015-7222 SUSE bug 959277 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. Moderate CVE-2015-7236 SUSE bug 940191 SUSE bug 946204 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. Moderate CVE-2015-7295 SUSE bug 947159 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. Low CVE-2015-7311 SUSE bug 947165 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. Moderate CVE-2015-7497 SUSE bug 1123919 SUSE bug 957106 SUSE bug 959469 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. Moderate CVE-2015-7498 SUSE bug 1123919 SUSE bug 957107 SUSE bug 959469 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. Moderate CVE-2015-7499 SUSE bug 1123919 SUSE bug 957109 SUSE bug 959469 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. Moderate CVE-2015-7500 SUSE bug 1123919 SUSE bug 957110 SUSE bug 959469 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. Moderate CVE-2015-7504 SUSE bug 956411 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. Moderate CVE-2015-7509 SUSE bug 956707 SUSE bug 956709 SUSE bug 956766 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. Important CVE-2015-7512 SUSE bug 957162 SUSE bug 962360 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints. Moderate CVE-2015-7515 SUSE bug 956708 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets. Moderate CVE-2015-7540 SUSE bug 958580 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Important CVE-2015-7547 SUSE bug 1077097 SUSE bug 847227 SUSE bug 961721 SUSE bug 967023 SUSE bug 967061 SUSE bug 967072 SUSE bug 967496 SUSE bug 969216 SUSE bug 969241 SUSE bug 969591 SUSE bug 986086 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. Low CVE-2015-7549 SUSE bug 958917 SUSE bug 958918 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls. Moderate CVE-2015-7550 SUSE bug 1052256 SUSE bug 958951 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file. Moderate CVE-2015-7552 SUSE bug 958963 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. Important CVE-2015-7554 SUSE bug 1007276 SUSE bug 1017690 SUSE bug 1040322 SUSE bug 960341 SUSE bug 974621 SUSE bug 983436 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. Moderate CVE-2015-7555 SUSE bug 960319 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. Moderate CVE-2015-7560 SUSE bug 968222 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Moderate CVE-2015-7575 SUSE bug 959888 SUSE bug 960402 SUSE bug 960996 SUSE bug 961280 SUSE bug 961281 SUSE bug 961282 SUSE bug 961283 SUSE bug 961284 SUSE bug 961290 SUSE bug 961357 SUSE bug 962743 SUSE bug 963937 SUSE bug 967521 SUSE bug 981087 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. Important CVE-2015-7613 SUSE bug 923755 SUSE bug 948536 SUSE bug 948701 SUSE bug 963994 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634. Moderate CVE-2015-7625 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634. Moderate CVE-2015-7626 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634. Moderate CVE-2015-7627 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. Moderate CVE-2015-7628 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a TextFormat object with a crafted tabStops property, a different vulnerability than CVE-2015-7631, CVE-2015-7643, and CVE-2015-7644. Moderate CVE-2015-7629 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7633, and CVE-2015-7634. Moderate CVE-2015-7630 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a TextLine object with a crafted validity property, a different vulnerability than CVE-2015-7629, CVE-2015-7643, and CVE-2015-7644. Moderate CVE-2015-7631 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Loader object with a crafted loaderBytes property. Moderate CVE-2015-7632 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, and CVE-2015-7634. Moderate CVE-2015-7633 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, and CVE-2015-7633. Moderate CVE-2015-7634 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Video object with a crafted deblocking property, a different vulnerability than CVE-2015-7629, CVE-2015-7631, and CVE-2015-7644. Moderate CVE-2015-7643 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, and CVE-2015-7643. Moderate CVE-2015-7644 SUSE bug 950169 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015. Critical CVE-2015-7645 SUSE bug 950474 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted DefineFunction atoms, a different vulnerability than CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-7651 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted gridFitType property value, a different vulnerability than CVE-2015-7651, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-7652 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted globalToLocal arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-7653 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted attachSound arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-7654 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionExtends arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-7655 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionImplementsOp arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-7656 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionCallMethod arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-7657 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionInstanceOf arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-7658 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion" in the NetConnection object implementation. Moderate CVE-2015-7659 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted setMask arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-7660 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted getBounds call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-7661 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors. Moderate CVE-2015-7662 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-7663 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. Moderate CVE-2015-7673 SUSE bug 948790 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. Moderate CVE-2015-7674 SUSE bug 948791 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. Important CVE-2015-7691 SUSE bug 1010964 SUSE bug 911792 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. Important CVE-2015-7692 SUSE bug 1010964 SUSE bug 911792 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). Moderate CVE-2015-7701 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. Important CVE-2015-7702 SUSE bug 1010964 SUSE bug 911792 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. Moderate CVE-2015-7703 SUSE bug 1010964 SUSE bug 943216 SUSE bug 943218 SUSE bug 943219 SUSE bug 943221 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. Moderate CVE-2015-7704 SUSE bug 1010964 SUSE bug 951608 SUSE bug 952611 SUSE bug 959243 SUSE bug 977446 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. Moderate CVE-2015-7705 SUSE bug 1010964 SUSE bug 951608 SUSE bug 952611 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. Moderate CVE-2015-7744 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. Low CVE-2015-7799 SUSE bug 1052256 SUSE bug 949936 SUSE bug 951638 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. Moderate CVE-2015-7805 SUSE bug 953516 SUSE bug 953519 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface. Important CVE-2015-7812 SUSE bug 950171 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c. Moderate CVE-2015-7813 SUSE bug 950172 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. Moderate CVE-2015-7814 SUSE bug 950173 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. Moderate CVE-2015-7830 SUSE bug 950437 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. Important CVE-2015-7835 SUSE bug 940929 SUSE bug 947159 SUSE bug 950367 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. Moderate CVE-2015-7837 SUSE bug 950804 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. Moderate CVE-2015-7848 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. Moderate CVE-2015-7849 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. Moderate CVE-2015-7850 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. Moderate CVE-2015-7851 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. Moderate CVE-2015-7852 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. Moderate CVE-2015-7853 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. Moderate CVE-2015-7854 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. Moderate CVE-2015-7855 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. Moderate CVE-2015-7871 SUSE bug 1010964 SUSE bug 951608 SUSE bug 952606 SUSE bug 959243 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. Important CVE-2015-7872 SUSE bug 951440 SUSE bug 951542 SUSE bug 951638 SUSE bug 958463 SUSE bug 958601 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. Low CVE-2015-7884 SUSE bug 1126909 SUSE bug 951626 SUSE bug 951627 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. Low CVE-2015-7885 SUSE bug 1126909 SUSE bug 951626 SUSE bug 951627 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. Low CVE-2015-7941 SUSE bug 1123919 SUSE bug 951734 SUSE bug 951735 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. Low CVE-2015-7942 SUSE bug 1123919 SUSE bug 951735 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall. Moderate CVE-2015-7969 SUSE bug 950703 SUSE bug 950705 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand. Moderate CVE-2015-7970 SUSE bug 950704 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c. Moderate CVE-2015-7971 SUSE bug 950706 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure." Moderate CVE-2015-7972 SUSE bug 950704 SUSE bug 951845 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. Moderate CVE-2015-7981 SUSE bug 952051 SUSE bug 960402 SUSE bug 963937 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937. Low CVE-2015-7990 SUSE bug 945825 SUSE bug 952384 SUSE bug 953052 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. Moderate CVE-2015-8000 SUSE bug 944066 SUSE bug 958861 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call. Moderate CVE-2015-8019 SUSE bug 1032268 SUSE bug 951199 SUSE bug 952587 SUSE bug 979078 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. Important CVE-2015-8023 SUSE bug 953817 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors. Moderate CVE-2015-8025 SUSE bug 952062 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. Low CVE-2015-8035 SUSE bug 1088279 SUSE bug 1105166 SUSE bug 954429 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted loadSound call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-8042 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8044, and CVE-2015-8046. Moderate CVE-2015-8043 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, and CVE-2015-8046. Moderate CVE-2015-8044 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455. Important CVE-2015-8045 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, and CVE-2015-8044. Moderate CVE-2015-8046 SUSE bug 954512 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455. Important CVE-2015-8047 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8048 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted autoSize property value, a different vulnerability than CVE-2015-8048, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8049 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted beginGradientFill call, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8050 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8055 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8056 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8057 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8058 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8059 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455. Important CVE-2015-8060 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8061 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8062 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8063 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8064 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8065 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8066 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8067 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8068 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8069 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8070 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8071 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. Moderate CVE-2015-8104 SUSE bug 953527 SUSE bug 954018 SUSE bug 954404 SUSE bug 954405 SUSE bug 962977 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Moderate CVE-2015-8126 SUSE bug 954980 SUSE bug 958198 SUSE bug 960402 SUSE bug 962743 SUSE bug 963937 SUSE bug 969333 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. Moderate CVE-2015-8215 SUSE bug 1052256 SUSE bug 944296 SUSE bug 951638 SUSE bug 955354 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. Moderate CVE-2015-8239 SUSE bug 955994 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. Moderate CVE-2015-8241 SUSE bug 1123919 SUSE bug 956018 SUSE bug 959469 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. Moderate CVE-2015-8242 SUSE bug 1123919 SUSE bug 956021 SUSE bug 959469 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 GnuTLS incorrectly validates the first byte of padding in CBC modes Moderate CVE-2015-8313 SUSE bug 957568 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. Moderate CVE-2015-8317 SUSE bug 1123919 SUSE bug 956260 SUSE bug 959469 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. Moderate CVE-2015-8327 SUSE bug 1027197 SUSE bug 957531 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. Moderate CVE-2015-8339 SUSE bug 956408 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. Moderate CVE-2015-8340 SUSE bug 956408 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. Moderate CVE-2015-8341 SUSE bug 956409 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. Moderate CVE-2015-8345 SUSE bug 956829 SUSE bug 956832 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error. Moderate CVE-2015-8370 SUSE bug 956631 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. Moderate CVE-2015-8374 SUSE bug 923755 SUSE bug 956053 SUSE bug 963994 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8380 SUSE bug 957566 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8381 SUSE bug 906574 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. Moderate CVE-2015-8392 SUSE bug 906574 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8401 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8402 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8403 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8404 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8405 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8406 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8457. Important CVE-2015-8407 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455. Important CVE-2015-8408 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-8440 and CVE-2015-8453. Important CVE-2015-8409 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8410 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8411 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8412 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8413 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8414 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors. Important CVE-2015-8415 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455. Important CVE-2015-8416 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455. Important CVE-2015-8417 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455. Important CVE-2015-8418 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455. Important CVE-2015-8419 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8420 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8421 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8422 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8423 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8424 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8425 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8426 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8427 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8428 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8429 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8430 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8431 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8432 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8433 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8434 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8435 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the PrintJob object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted addPage arguments, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8436 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the Selection object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted setFocus call, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8437 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted XML object that is mishandled during a toString call, a different vulnerability than CVE-2015-8446. Important CVE-2015-8438 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The SharedObject object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code by leveraging an unspecified "type confusion" during a getRemote call, a different vulnerability than CVE-2015-8456. Important CVE-2015-8439 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-8409 and CVE-2015-8453. Important CVE-2015-8440 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8441 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted filters property value, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8442 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455. Important CVE-2015-8443 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8451, and CVE-2015-8455. Important CVE-2015-8444 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the Shader filter implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a large BitmapData source object. Important CVE-2015-8445 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via an MP3 file with COMM tags that are mishandled during memory allocation, a different vulnerability than CVE-2015-8438. Important CVE-2015-8446 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the Color object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted setTransform arguments, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8447 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the DisplacementMapFilter object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted mapBitmap property value, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8448 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted lineTo method call, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8449 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted filters property value in a TextField object, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8452, and CVE-2015-8454. Important CVE-2015-8450 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, and CVE-2015-8455. Important CVE-2015-8451 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, and CVE-2015-8454. Important CVE-2015-8452 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass the ASLR protection mechanism via JIT data, a different vulnerability than CVE-2015-8409 and CVE-2015-8440. Important CVE-2015-8453 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, and CVE-2015-8452. Important CVE-2015-8454 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, and CVE-2015-8451. Important CVE-2015-8455 SUSE bug 958324 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8460, CVE-2015-8636, and CVE-2015-8645. Moderate CVE-2015-8459 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8636, and CVE-2015-8645. Critical CVE-2015-8460 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. Moderate CVE-2015-8472 SUSE bug 954980 SUSE bug 958198 SUSE bug 960402 SUSE bug 963937 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. Moderate CVE-2015-8504 SUSE bug 958491 SUSE bug 958493 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. Important CVE-2015-8539 SUSE bug 781018 SUSE bug 958463 SUSE bug 958601 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. Moderate CVE-2015-8543 SUSE bug 1052256 SUSE bug 923755 SUSE bug 958886 SUSE bug 963994 SUSE bug 969522 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. Important CVE-2015-8550 SUSE bug 1052256 SUSE bug 957988 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks." Moderate CVE-2015-8551 SUSE bug 957990 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks." Moderate CVE-2015-8552 SUSE bug 957990 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path." Moderate CVE-2015-8554 SUSE bug 958007 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. Moderate CVE-2015-8555 SUSE bug 958009 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. Moderate CVE-2015-8556 SUSE bug 958993 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. Moderate CVE-2015-8558 SUSE bug 959005 SUSE bug 959006 SUSE bug 976109 SUSE bug 976111 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. Moderate CVE-2015-8560 SUSE bug 1027197 SUSE bug 957531 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). Low CVE-2015-8567 SUSE bug 959386 SUSE bug 959387 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. Low CVE-2015-8568 SUSE bug 959386 SUSE bug 959387 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. Moderate CVE-2015-8569 SUSE bug 923755 SUSE bug 959190 SUSE bug 959399 SUSE bug 963994 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. Moderate CVE-2015-8575 SUSE bug 959190 SUSE bug 959399 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. Moderate CVE-2015-8605 SUSE bug 961305 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. Low CVE-2015-8613 SUSE bug 961358 SUSE bug 961556 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). Low CVE-2015-8619 SUSE bug 960334 SUSE bug 965269 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. Low CVE-2015-8629 SUSE bug 770172 SUSE bug 963968 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. Low CVE-2015-8630 SUSE bug 963964 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. Moderate CVE-2015-8631 SUSE bug 963975 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. Critical CVE-2015-8634 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. Critical CVE-2015-8635 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8460, and CVE-2015-8645. Critical CVE-2015-8636 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. Critical CVE-2015-8638 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. Critical CVE-2015-8639 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. Critical CVE-2015-8640 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. Critical CVE-2015-8641 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. Critical CVE-2015-8642 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. Critical CVE-2015-8643 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." Critical CVE-2015-8644 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8460, and CVE-2015-8636. Critical CVE-2015-8645 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. Critical CVE-2015-8646 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. Critical CVE-2015-8647 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8649, and CVE-2015-8650. Critical CVE-2015-8648 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8650. Critical CVE-2015-8649 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8649. Critical CVE-2015-8650 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors. Critical CVE-2015-8651 SUSE bug 960317 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. Moderate CVE-2015-8704 SUSE bug 962189 SUSE bug 962190 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. Moderate CVE-2015-8705 SUSE bug 962189 SUSE bug 962190 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. Moderate CVE-2015-8710 SUSE bug 1123919 SUSE bug 960674 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. Moderate CVE-2015-8711 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8712 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. Moderate CVE-2015-8713 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8714 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Moderate CVE-2015-8715 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8716 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8717 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8718 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8719 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8720 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. Moderate CVE-2015-8721 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. Moderate CVE-2015-8722 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. Moderate CVE-2015-8723 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. Moderate CVE-2015-8724 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. Moderate CVE-2015-8725 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Moderate CVE-2015-8726 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. Moderate CVE-2015-8727 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. Moderate CVE-2015-8728 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Moderate CVE-2015-8729 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. Moderate CVE-2015-8730 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. Moderate CVE-2015-8731 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. Moderate CVE-2015-8732 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Moderate CVE-2015-8733 SUSE bug 960382 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. Moderate CVE-2015-8743 SUSE bug 960725 SUSE bug 960726 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. Low CVE-2015-8744 SUSE bug 960835 SUSE bug 960836 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. Low CVE-2015-8745 SUSE bug 960707 SUSE bug 960708 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. Moderate CVE-2015-8746 SUSE bug 960839 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. Low CVE-2015-8767 SUSE bug 961509 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. Low CVE-2015-8776 SUSE bug 962736 SUSE bug 986086 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. Low CVE-2015-8777 SUSE bug 950944 SUSE bug 962735 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. Low CVE-2015-8778 SUSE bug 962737 SUSE bug 986086 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. Moderate CVE-2015-8779 SUSE bug 962739 SUSE bug 965453 SUSE bug 986086 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782. Moderate CVE-2015-8781 SUSE bug 964213 SUSE bug 964225 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. Moderate CVE-2015-8782 SUSE bug 964213 SUSE bug 964225 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. Moderate CVE-2015-8783 SUSE bug 964213 SUSE bug 964225 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. Low CVE-2015-8785 SUSE bug 963765 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets. Moderate CVE-2015-8812 SUSE bug 966437 SUSE bug 966683 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS. Moderate CVE-2015-8817 SUSE bug 969121 SUSE bug 969122 SUSE bug 969125 SUSE bug 969126 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors. Moderate CVE-2015-8818 SUSE bug 969122 SUSE bug 969125 SUSE bug 969126 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. Moderate CVE-2015-8830 SUSE bug 969354 SUSE bug 969355 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item. Important CVE-2015-8833 SUSE bug 970498 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. Moderate CVE-2015-8844 SUSE bug 975531 SUSE bug 975533 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. Moderate CVE-2015-8845 SUSE bug 975531 SUSE bug 975533 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue. Moderate CVE-2015-8960 SUSE bug 941124 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. Important CVE-2015-8961 SUSE bug 1010492 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. Moderate CVE-2015-8963 SUSE bug 1010502 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP3 Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title. Moderate CVE-2015-9104 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. Moderate CVE-2015-9105 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking. Important CVE-2016-0402 SUSE bug 960402 SUSE bug 962743 SUSE bug 963937 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX. Important CVE-2016-0448 SUSE bug 960402 SUSE bug 962743 SUSE bug 963937 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP. Important CVE-2016-0466 SUSE bug 960402 SUSE bug 962743 SUSE bug 963937 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. Important CVE-2016-0483 SUSE bug 960402 SUSE bug 962743 SUSE bug 963937 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Important CVE-2016-0494 SUSE bug 962743 SUSE bug 963937 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Moderate CVE-2016-0502 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options. Moderate CVE-2016-0505 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name. Moderate CVE-2016-0546 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2016-0596 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Moderate CVE-2016-0597 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2016-0598 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Moderate CVE-2016-0600 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption. Moderate CVE-2016-0606 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF. Moderate CVE-2016-0608 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges. Moderate CVE-2016-0609 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Moderate CVE-2016-0616 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. Moderate CVE-2016-0636 SUSE bug 972468 SUSE bug 979252 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file. Important CVE-2016-0701 SUSE bug 1071906 SUSE bug 1176331 SUSE bug 1195379 SUSE bug 963410 SUSE bug 963413 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. Low CVE-2016-0702 SUSE bug 1007806 SUSE bug 968044 SUSE bug 968050 SUSE bug 971238 SUSE bug 990370 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. Moderate CVE-2016-0703 SUSE bug 968044 SUSE bug 968046 SUSE bug 968051 SUSE bug 986238 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. Low CVE-2016-0705 SUSE bug 968044 SUSE bug 968047 SUSE bug 971238 SUSE bug 976341 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. Moderate CVE-2016-0723 SUSE bug 961500 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. Important CVE-2016-0728 SUSE bug 923755 SUSE bug 962075 SUSE bug 962078 SUSE bug 963994 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." Moderate CVE-2016-0739 SUSE bug 965875 SUSE bug 967026 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. Moderate CVE-2016-0755 SUSE bug 962983 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors. Moderate CVE-2016-0766 SUSE bug 966435 SUSE bug 966436 SUSE bug 978323 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. Moderate CVE-2016-0771 SUSE bug 968223 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression. Moderate CVE-2016-0773 SUSE bug 966435 SUSE bug 966436 SUSE bug 978323 SUSE bug 983246 SUSE bug 986409 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805. Moderate CVE-2016-0774 SUSE bug 917839 SUSE bug 964730 SUSE bug 964732 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. Critical CVE-2016-0777 SUSE bug 961642 SUSE bug 996040 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. Moderate CVE-2016-0778 SUSE bug 961645 SUSE bug 996040 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." Moderate CVE-2016-0787 SUSE bug 1149968 SUSE bug 967026 SUSE bug 968174 SUSE bug 974691 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. Moderate CVE-2016-0797 SUSE bug 968044 SUSE bug 968048 SUSE bug 990370 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. Moderate CVE-2016-0798 SUSE bug 968044 SUSE bug 968265 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. Moderate CVE-2016-0799 SUSE bug 968044 SUSE bug 968374 SUSE bug 969517 SUSE bug 989345 SUSE bug 990370 SUSE bug 991722 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. Moderate CVE-2016-0800 SUSE bug 1106871 SUSE bug 961377 SUSE bug 968044 SUSE bug 968046 SUSE bug 968888 SUSE bug 969591 SUSE bug 979060 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. Moderate CVE-2016-0960 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. Moderate CVE-2016-0961 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. Moderate CVE-2016-0962 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010. Moderate CVE-2016-0963 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. Moderate CVE-2016-0964 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. Critical CVE-2016-0965 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. Moderate CVE-2016-0966 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. Moderate CVE-2016-0967 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. Moderate CVE-2016-0968 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. Moderate CVE-2016-0969 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. Moderate CVE-2016-0970 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2016-0971 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. Moderate CVE-2016-0972 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the URLRequest object implementation in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via a URLLoader.load call, a different vulnerability than CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984. Moderate CVE-2016-0973 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984. Moderate CVE-2016-0974 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the instanceof function in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code by leveraging improper reference handling, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984. Moderate CVE-2016-0975 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. Moderate CVE-2016-0976 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. Moderate CVE-2016-0977 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. Moderate CVE-2016-0978 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0980, and CVE-2016-0981. Moderate CVE-2016-0979 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, and CVE-2016-0981. Critical CVE-2016-0980 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, and CVE-2016-0980. Critical CVE-2016-0981 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0983, and CVE-2016-0984. Critical CVE-2016-0982 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0984. Critical CVE-2016-0983 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983. Critical CVE-2016-0984 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." Critical CVE-2016-0985 SUSE bug 965901 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. Moderate CVE-2016-0986 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Moderate CVE-2016-0987 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Moderate CVE-2016-0988 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. Moderate CVE-2016-0989 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Moderate CVE-2016-0990 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Moderate CVE-2016-0991 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005. Moderate CVE-2016-0992 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010. Moderate CVE-2016-0993 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Moderate CVE-2016-0994 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Moderate CVE-2016-0995 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Moderate CVE-2016-0996 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Moderate CVE-2016-0997 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000. Moderate CVE-2016-0998 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000. Moderate CVE-2016-0999 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999. Moderate CVE-2016-1000 SUSE bug 1016168 SUSE bug 1016169 SUSE bug 1016366 SUSE bug 970547 SUSE bug 988484 SUSE bug 988486 SUSE bug 988487 SUSE bug 988488 SUSE bug 988489 SUSE bug 988491 SUSE bug 988492 SUSE bug 989125 SUSE bug 989170 SUSE bug 989172 SUSE bug 989174 SUSE bug 989523 SUSE bug 989532 SUSE bug 989569 SUSE bug 989989 SUSE bug 989995 SUSE bug 989997 SUSE bug 990847 SUSE bug 997861 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2016-1001 SUSE bug 1016340 SUSE bug 1016368 SUSE bug 1016369 SUSE bug 1016370 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005. Moderate CVE-2016-1002 SUSE bug 1014298 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002. Moderate CVE-2016-1005 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. Moderate CVE-2016-1010 SUSE bug 970547 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. Moderate CVE-2016-1285 SUSE bug 970072 SUSE bug 981200 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. Important CVE-2016-1286 SUSE bug 970073 SUSE bug 981200 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634. Moderate CVE-2016-1503 SUSE bug 963550 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. Moderate CVE-2016-1504 SUSE bug 963549 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. Moderate CVE-2016-1523 SUSE bug 965803 SUSE bug 965806 SUSE bug 965807 SUSE bug 965810 SUSE bug 967087 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. Moderate CVE-2016-1568 SUSE bug 961332 SUSE bug 961333 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates. Moderate CVE-2016-1570 SUSE bug 960861 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. Moderate CVE-2016-1571 SUSE bug 960861 SUSE bug 960862 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid. Moderate CVE-2016-1572 SUSE bug 962052 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. Moderate CVE-2016-1621 SUSE bug 972021 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. Moderate CVE-2016-1714 SUSE bug 961691 SUSE bug 961692 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue. Low CVE-2016-1922 SUSE bug 962320 SUSE bug 962321 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2016-1930 SUSE bug 963520 SUSE bug 963632 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. Moderate CVE-2016-1935 SUSE bug 963520 SUSE bug 963635 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. Moderate CVE-2016-1937 SUSE bug 963641 SUSE bug 977736 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. Moderate CVE-2016-1938 SUSE bug 963731 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. Moderate CVE-2016-1949 SUSE bug 966438 SUSE bug 967087 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. Important CVE-2016-1950 SUSE bug 969894 SUSE bug 970257 SUSE bug 970377 SUSE bug 970378 SUSE bug 970379 SUSE bug 970380 SUSE bug 970381 SUSE bug 970431 SUSE bug 970433 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2016-1952 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. Critical CVE-2016-1953 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. Moderate CVE-2016-1954 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. Moderate CVE-2016-1957 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. Moderate CVE-2016-1958 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. Critical CVE-2016-1960 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. Critical CVE-2016-1961 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. Critical CVE-2016-1962 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. Critical CVE-2016-1964 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. Moderate CVE-2016-1965 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. Important CVE-2016-1966 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. Moderate CVE-2016-1974 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. Critical CVE-2016-1977 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. Moderate CVE-2016-1978 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. Moderate CVE-2016-1979 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS. Low CVE-2016-1981 SUSE bug 963782 SUSE bug 963783 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. Low CVE-2016-2069 SUSE bug 870618 SUSE bug 963767 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic. Moderate CVE-2016-2070 SUSE bug 963761 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. Moderate CVE-2016-2088 SUSE bug 970074 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. Important CVE-2016-2107 SUSE bug 976942 SUSE bug 977584 SUSE bug 977616 SUSE bug 978492 SUSE bug 990369 SUSE bug 990370 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream. Moderate CVE-2016-2114 SUSE bug 973035 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. Moderate CVE-2016-2117 SUSE bug 1027179 SUSE bug 968697 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. Moderate CVE-2016-2148 SUSE bug 970662 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. Moderate CVE-2016-2176 SUSE bug 978224 SUSE bug 990369 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS. Low CVE-2016-2198 SUSE bug 964413 SUSE bug 964415 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. Moderate CVE-2016-2270 SUSE bug 965315 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. Low CVE-2016-2271 SUSE bug 965317 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions. Moderate CVE-2016-2383 SUSE bug 966684 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. Moderate CVE-2016-2384 SUSE bug 966693 SUSE bug 967773 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers. Low CVE-2016-2391 SUSE bug 967012 SUSE bug 967013 SUSE bug 967101 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet. Low CVE-2016-2392 SUSE bug 967012 SUSE bug 967090 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function. Low CVE-2016-2538 SUSE bug 967969 SUSE bug 968004 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call. Moderate CVE-2016-2543 SUSE bug 967972 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time. Moderate CVE-2016-2544 SUSE bug 967973 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call. Moderate CVE-2016-2545 SUSE bug 967974 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. Moderate CVE-2016-2546 SUSE bug 967975 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. Moderate CVE-2016-2547 SUSE bug 968011 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions. Moderate CVE-2016-2548 SUSE bug 968012 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. Moderate CVE-2016-2549 SUSE bug 968013 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Moderate CVE-2016-2553 SUSE bug 968697 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. Low CVE-2016-2785 SUSE bug 977471 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. Critical CVE-2016-2790 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2791 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. Critical CVE-2016-2792 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2793 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2794 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. Critical CVE-2016-2795 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2796 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. Critical CVE-2016-2797 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2798 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2799 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. Critical CVE-2016-2800 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. Critical CVE-2016-2801 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2802 SUSE bug 969894 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2016-2804 SUSE bug 977373 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2016-2806 SUSE bug 977375 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. Important CVE-2016-2809 SUSE bug 977333 SUSE bug 977377 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. Moderate CVE-2016-2810 SUSE bug 977333 SUSE bug 977378 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method. Important CVE-2016-2811 SUSE bug 977379 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. Important CVE-2016-2812 SUSE bug 977379 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. Moderate CVE-2016-2813 SUSE bug 977333 SUSE bug 977380 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. Moderate CVE-2016-2816 SUSE bug 977382 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL. Moderate CVE-2016-2817 SUSE bug 977384 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. Moderate CVE-2016-2820 SUSE bug 977388 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. Low CVE-2016-2841 SUSE bug 969350 SUSE bug 969351 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow. Moderate CVE-2016-2851 SUSE bug 969785 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. Moderate CVE-2016-3135 SUSE bug 970904 SUSE bug 971794 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. Moderate CVE-2016-3136 SUSE bug 970955 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. Moderate CVE-2016-3177 SUSE bug 971555 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. Moderate CVE-2016-3190 SUSE bug 971964 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. Low CVE-2016-3624 SUSE bug 974617 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. Low CVE-2016-3625 SUSE bug 974615 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. Low CVE-2016-3633 SUSE bug 974841 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching. Low CVE-2016-3634 SUSE bug 974839 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. Low CVE-2016-3658 SUSE bug 974840 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. Moderate CVE-2016-3689 SUSE bug 971628 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call. Moderate CVE-2016-3713 SUSE bug 979715 SUSE bug 985132 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. Moderate CVE-2016-3951 SUSE bug 974418 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. Low CVE-2016-3991 SUSE bug 975070 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation. Moderate CVE-2016-4024 SUSE bug 975703 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)." Moderate CVE-2016-4070 SUSE bug 976997 SUSE bug 980366 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. Moderate CVE-2016-4353 SUSE bug 977980 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. Important CVE-2016-4354 SUSE bug 977982 SUSE bug 977989 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. Moderate CVE-2016-4355 SUSE bug 977982 SUSE bug 977989 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. Moderate CVE-2016-4356 SUSE bug 977977 SUSE bug 979261 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. Moderate CVE-2016-4440 SUSE bug 980829 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor. Moderate CVE-2016-4557 SUSE bug 979018 SUSE bug 979077 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count. Moderate CVE-2016-4558 SUSE bug 979019 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call. Moderate CVE-2016-4568 SUSE bug 979022 SUSE bug 981516 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. Moderate CVE-2016-4581 SUSE bug 979913 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. Moderate CVE-2016-4794 SUSE bug 980265 SUSE bug 981517 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. Moderate CVE-2016-4951 SUSE bug 981058 SUSE bug 985132 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. Moderate CVE-2016-4952 SUSE bug 981266 SUSE bug 981276 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state. Low CVE-2016-4964 SUSE bug 981399 SUSE bug 981401 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name. Moderate CVE-2016-5116 SUSE bug 982176 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. Moderate CVE-2017-1000255 SUSE bug 1061633 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. Moderate CVE-2017-10989 SUSE bug 1131919 SUSE bug 1132045 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. Important CVE-2017-13704 SUSE bug 1060586 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. Moderate CVE-2017-15023 SUSE bug 1061623 SUSE bug 1065689 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. Moderate CVE-2017-15286 SUSE bug 1063145 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. Important CVE-2017-18075 SUSE bug 1077402 SUSE bug 1077404 SUSE bug 1087082 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. Moderate CVE-2017-18174 SUSE bug 1080533 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads. Moderate CVE-2017-18193 SUSE bug 1082478 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. Moderate CVE-2017-18204 SUSE bug 1083244 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings. Important CVE-2017-18222 SUSE bug 1084529 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field. Moderate CVE-2017-18224 SUSE bug 1084831 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. Moderate CVE-2017-18249 SUSE bug 1087036 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation. Moderate CVE-2017-18255 SUSE bug 1087082 SUSE bug 1087813 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. Important CVE-2017-2518 SUSE bug 1155787 SUSE bug 1194085 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. Important CVE-2017-5123 SUSE bug 1062473 SUSE bug 1122971 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes." Important CVE-2017-8284 SUSE bug 1160901 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. Moderate CVE-2018-10322 SUSE bug 1087082 SUSE bug 1090749 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. Moderate CVE-2018-1139 SUSE bug 1095048 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. Low CVE-2018-13053 SUSE bug 1099924 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. Moderate CVE-2018-13093 SUSE bug 1100001 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. Moderate CVE-2018-13095 SUSE bug 1099999 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. Moderate CVE-2018-14609 SUSE bug 1102875 SUSE bug 1103597 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c. Moderate CVE-2018-14610 SUSE bug 1102877 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c. Moderate CVE-2018-14611 SUSE bug 1102879 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c. Moderate CVE-2018-14612 SUSE bug 1102882 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c. Moderate CVE-2018-14613 SUSE bug 1102896 SUSE bug 1103800 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. Moderate CVE-2018-16862 SUSE bug 1117186 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. Important CVE-2018-16871 SUSE bug 1137103 SUSE bug 1156320 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. Moderate CVE-2018-18397 SUSE bug 1117656 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. Important CVE-2018-18559 SUSE bug 1112859 SUSE bug 1112921 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. Moderate CVE-2018-19478 SUSE bug 1118461 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). Low CVE-2018-20505 SUSE bug 1131560 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. Important CVE-2018-20506 SUSE bug 1131560 SUSE bug 1131576 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. Important CVE-2018-20669 SUSE bug 1122971 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. Moderate CVE-2018-20784 SUSE bug 1126703 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. Important CVE-2018-20856 SUSE bug 1143048 SUSE bug 1156331 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. Important CVE-2018-21010 SUSE bug 1149789 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition. Moderate CVE-2018-5738 SUSE bug 1096864 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. Moderate CVE-2018-6616 SUSE bug 1079845 SUSE bug 1140359 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. Moderate CVE-2018-7191 SUSE bug 1135603 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. Important CVE-2018-8781 SUSE bug 1087082 SUSE bug 1090643 SUSE bug 1090646 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. Important CVE-2019-10126 SUSE bug 1136935 SUSE bug 1137944 SUSE bug 1156330 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system, corrupt memory, or create other adverse security affects. Important CVE-2019-10142 SUSE bug 1135955 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. Moderate CVE-2019-11005 SUSE bug 1132058 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. Moderate CVE-2019-11006 SUSE bug 1132061 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. Moderate CVE-2019-11007 SUSE bug 1132060 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. Moderate CVE-2019-11008 SUSE bug 1132054 SUSE bug 1133202 SUSE bug 1133203 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. Moderate CVE-2019-11010 SUSE bug 1132055 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. Low CVE-2019-11473 SUSE bug 1133203 SUSE bug 1133204 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. Low CVE-2019-11474 SUSE bug 1133202 SUSE bug 1133204 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. Important CVE-2019-11505 SUSE bug 1133501 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. Moderate CVE-2019-11597 SUSE bug 1138464 SUSE bug 1146211 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue. Important CVE-2019-11683 SUSE bug 1134021 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. Low CVE-2019-12067 SUSE bug 1145642 SUSE bug 1145652 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). Moderate CVE-2019-12614 SUSE bug 1137194 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. Moderate CVE-2019-12818 SUSE bug 1138293 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service. Low CVE-2019-12819 SUSE bug 1138291 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue. Moderate CVE-2019-12929 SUSE bug 1139671 SUSE bug 1140123 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. Moderate CVE-2019-12973 SUSE bug 1140359 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. Moderate CVE-2019-12974 SUSE bug 1140111 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c. Moderate CVE-2019-12977 SUSE bug 1139884 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. Moderate CVE-2019-12978 SUSE bug 1139885 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. Moderate CVE-2019-13136 SUSE bug 1140104 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. Moderate CVE-2019-13137 SUSE bug 1140105 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. Important CVE-2019-13272 SUSE bug 1140671 SUSE bug 1156321 SUSE bug 1198122 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. Moderate CVE-2019-13296 SUSE bug 1140665 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. Moderate CVE-2019-13298 SUSE bug 1140667 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. Moderate CVE-2019-13299 SUSE bug 1140668 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. Moderate CVE-2019-13300 SUSE bug 1140669 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. Moderate CVE-2019-13302 SUSE bug 1140552 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. Important CVE-2019-13303 SUSE bug 1140549 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. Important CVE-2019-13304 SUSE bug 1140547 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. Important CVE-2019-13305 SUSE bug 1140545 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. Moderate CVE-2019-13306 SUSE bug 1140543 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. Moderate CVE-2019-13307 SUSE bug 1140538 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. Moderate CVE-2019-13308 SUSE bug 1140534 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. Low CVE-2019-13309 SUSE bug 1140501 SUSE bug 1140520 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. Low CVE-2019-13310 SUSE bug 1140501 SUSE bug 1140520 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. Moderate CVE-2019-13648 SUSE bug 1142254 SUSE bug 1142265 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case. Moderate CVE-2019-14288 SUSE bug 1143434 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case. Moderate CVE-2019-14289 SUSE bug 1143443 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. Moderate CVE-2019-14290 SUSE bug 1143568 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3. Moderate CVE-2019-14291 SUSE bug 1143569 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. Moderate CVE-2019-14292 SUSE bug 1143570 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2. Moderate CVE-2019-14293 SUSE bug 1143571 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. Moderate CVE-2019-14494 SUSE bug 1143950 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid. Moderate CVE-2019-14763 SUSE bug 1144918 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. Moderate CVE-2019-14981 SUSE bug 1146065 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. Moderate CVE-2019-15030 SUSE bug 1149713 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. Moderate CVE-2019-15031 SUSE bug 1149713 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. Important CVE-2019-15034 SUSE bug 1166379 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. Moderate CVE-2019-15090 SUSE bug 1146399 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Moderate CVE-2019-15099 SUSE bug 1146368 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472. Low CVE-2019-15139 SUSE bug 1146213 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c. Low CVE-2019-15140 SUSE bug 1146212 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597. Low CVE-2019-15141 SUSE bug 1146211 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. Moderate CVE-2019-15221 SUSE bug 1146519 SUSE bug 1146529 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. Important CVE-2019-15239 SUSE bug 1146589 SUSE bug 1156317 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). Moderate CVE-2019-1547 SUSE bug 1150003 SUSE bug 1154162 SUSE bug 1154166 SUSE bug 1161085 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Moderate CVE-2019-1549 SUSE bug 1150247 SUSE bug 1154162 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). Moderate CVE-2019-1551 SUSE bug 1158809 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). Low CVE-2019-1552 SUSE bug 1143552 SUSE bug 1154162 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. Moderate CVE-2019-16088 SUSE bug 1150205 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact. Moderate CVE-2019-16115 SUSE bug 1150039 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." Moderate CVE-2019-16168 SUSE bug 1150137 SUSE bug 1160968 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. Moderate CVE-2019-16711 SUSE bug 1151784 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. Moderate CVE-2019-16712 SUSE bug 1151785 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. Moderate CVE-2019-16927 SUSE bug 1154829 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. Moderate CVE-2019-17064 SUSE bug 1152783 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly. Low CVE-2019-17514 SUSE bug 1154297 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. Moderate CVE-2019-17541 SUSE bug 1153867 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. Moderate CVE-2019-17547 SUSE bug 1153868 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. Moderate CVE-2019-18282 SUSE bug 1161121 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. Important CVE-2019-18683 SUSE bug 1155897 SUSE bug 1173868 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. Moderate CVE-2019-18853 SUSE bug 1156520 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. Moderate CVE-2019-18885 SUSE bug 1156901 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. Moderate CVE-2019-19057 SUSE bug 1157193 SUSE bug 1157197 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. Moderate CVE-2019-19062 SUSE bug 1157333 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 SUSE Linux Enterprise Desktop 11 SP4 Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. Moderate CVE-2019-19063 SUSE bug 1157298 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c. Moderate CVE-2019-19071 SUSE bug 1157067 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14. Moderate CVE-2019-19077 SUSE bug 1157171 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2. Moderate CVE-2019-19078 SUSE bug 1157032 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad. Moderate CVE-2019-19082 SUSE bug 1157046 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. Moderate CVE-2019-19242 SUSE bug 1157817 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. Moderate CVE-2019-19244 SUSE bug 1157817 SUSE bug 1157818 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. Moderate CVE-2019-19252 SUSE bug 1157813 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. Moderate CVE-2019-19332 SUSE bug 1158827 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. Moderate CVE-2019-19645 SUSE bug 1158958 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. Moderate CVE-2019-19880 SUSE bug 1159491 SUSE bug 1159715 SUSE bug 1162833 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). Moderate CVE-2019-19923 SUSE bug 1160309 SUSE bug 1162833 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. Moderate CVE-2019-19924 SUSE bug 1159850 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. Low CVE-2019-19925 SUSE bug 1159847 SUSE bug 1162833 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. Important CVE-2019-19926 SUSE bug 1159491 SUSE bug 1159715 SUSE bug 1162833 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. Moderate CVE-2019-19951 SUSE bug 1160321 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. Important CVE-2019-19952 SUSE bug 1160426 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. Moderate CVE-2019-19953 SUSE bug 1160364 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. Moderate CVE-2019-19959 SUSE bug 1160438 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. Important CVE-2019-20218 SUSE bug 1160439 SUSE bug 1189840 SUSE bug 1190372 SUSE bug 1192495 SUSE bug 1193078 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. Moderate CVE-2019-20808 SUSE bug 1172379 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable. Moderate CVE-2019-3819 SUSE bug 1123161 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. Moderate CVE-2019-3882 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1133319 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. Moderate CVE-2019-5008 SUSE bug 1133031 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. Important CVE-2019-5018 SUSE bug 1134622 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. Important CVE-2019-6116 SUSE bug 1122319 SUSE bug 1129186 SUSE bug 1134156 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. Important CVE-2019-8457 SUSE bug 1136976 SUSE bug 1154162 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. Low CVE-2019-9936 SUSE bug 1130326 SUSE bug 1154162 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. Low CVE-2019-9937 SUSE bug 1130325 SUSE bug 1154162 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image. Moderate CVE-2020-10251 SUSE bug 1166225 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. Moderate CVE-2020-10702 SUSE bug 1168681 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. Moderate CVE-2020-10717 SUSE bug 1171110 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. Moderate CVE-2020-10756 SUSE bug 1172380 SUSE bug 1184743 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. Important CVE-2020-10761 SUSE bug 1172710 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. Important CVE-2020-11102 SUSE bug 1168713 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. Important CVE-2020-11655 SUSE bug 1169126 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. Moderate CVE-2020-11656 SUSE bug 1169111 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. Moderate CVE-2020-11869 SUSE bug 1170537 SUSE bug 1188609 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. Important CVE-2020-12268 SUSE bug 1170603 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service. Moderate CVE-2020-12829 SUSE bug 1172385 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Low CVE-2020-13362 SUSE bug 1172383 cpe:/o:suse:suse_sled:11:sp2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Moderate CVE-2020-13434 SUSE bug 1172115 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. Important CVE-2020-13435 SUSE bug 1172091 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. Moderate CVE-2020-13630 SUSE bug 1172234 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. Moderate CVE-2020-13631 SUSE bug 1172236 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. Moderate CVE-2020-13632 SUSE bug 1172240 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. Moderate CVE-2020-13791 SUSE bug 1172494 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Moderate CVE-2020-13800 SUSE bug 1172495 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. Moderate CVE-2020-13871 SUSE bug 1172646 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. Moderate CVE-2020-13902 SUSE bug 1172642 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. Moderate CVE-2020-14373 SUSE bug 1176133 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. Moderate CVE-2020-14415 SUSE bug 1173109 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. Important CVE-2020-14422 SUSE bug 1173274 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. Moderate CVE-2020-15304 SUSE bug 1173466 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. Low CVE-2020-15305 SUSE bug 1173467 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. Low CVE-2020-15306 SUSE bug 1173469 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. Moderate CVE-2020-15358 SUSE bug 1173641 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. Important CVE-2020-15365 SUSE bug 1173517 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. Moderate CVE-2020-15389 SUSE bug 1173578 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. Moderate CVE-2020-15523 SUSE bug 1173745 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504. Moderate CVE-2020-15704 SUSE bug 1174891 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. Important CVE-2020-15801 SUSE bug 1174241 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. Moderate CVE-2020-15859 SUSE bug 1174373 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP4 hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. Important CVE-2020-15863 SUSE bug 1174386 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. Critical CVE-2020-15889 SUSE bug 1174371 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. Important CVE-2020-15900 SUSE bug 1174415 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function. Low CVE-2020-15945 SUSE bug 1174540 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. Moderate CVE-2020-16092 SUSE bug 1174641 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. Important CVE-2020-1711 SUSE bug 1166240 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. Moderate CVE-2020-17380 SUSE bug 1175144 SUSE bug 1182282 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). Important CVE-2020-1967 SUSE bug 1169407 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. Moderate CVE-2020-24342 SUSE bug 1175339 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference. Moderate CVE-2020-24369 SUSE bug 1175447 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). Moderate CVE-2020-24370 SUSE bug 1175448 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage. Moderate CVE-2020-24371 SUSE bug 1175449 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. Important CVE-2020-6851 SUSE bug 1160782 SUSE bug 1162090 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. Moderate CVE-2020-8315 SUSE bug 1173935 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. Moderate CVE-2020-9327 SUSE bug 1164719 cpe:/o:suse:suse_sled:11:sp2 cpe:/o:suse:suse_sled:11:sp3 cpe:/o:suse:suse_sled:11:sp4