Marcus Updateinfo to OVAL Converter5.52019-09-27T08:38:55CVE-2002-2443SUSE Linux Enterprise Server 12
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
ImportantCVE-2002-2443SUSE bug 825985SUSE bug 871411SUSE bug 887734CVE-2004-0801SUSE Linux Enterprise Server 12
Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.
ImportantCVE-2004-0801SUSE bug 59233SUSE bug 698451SUSE bug 704608SUSE bug 852368SUSE bug 957531CVE-2004-2771SUSE Linux Enterprise Server 12
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
ModerateCVE-2004-2771SUSE bug 909208CVE-2006-0855SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected.
ModerateCVE-2006-0855SUSE bug 153057CVE-2006-2607SUSE Linux Enterprise Server 12
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
ImportantCVE-2006-2607SUSE bug 178863SUSE bug 537178CVE-2006-4197SUSE Linux Enterprise Server 12
Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.
ImportantCVE-2006-4197SUSE bug 199134CVE-2006-4484SUSE Linux Enterprise Server 12
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
ModerateCVE-2006-4484SUSE bug 200181SUSE bug 355864SUSE bug 356187SUSE bug 357978SUSE bug 372642SUSE bug 374257SUSE bug 386009SUSE bug 709852CVE-2006-7250SUSE Linux Enterprise Server 12
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
ModerateCVE-2006-7250SUSE bug 748738SUSE bug 883307CVE-2007-0774SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
ImportantCVE-2007-0774SUSE bug 248157CVE-2007-1669SUSE Linux Enterprise Server 12
zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
ImportantCVE-2007-1669SUSE bug 271781CVE-2007-3999SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
CriticalCVE-2007-3999SUSE bug 302377SUSE bug 305261CVE-2007-4129SUSE Linux Enterprise Server 12
CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.
ModerateCVE-2007-4129SUSE bug 304180CVE-2007-4772SUSE Linux Enterprise Server 12
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
ImportantCVE-2007-4772SUSE bug 329282CVE-2007-5970SUSE Linux Enterprise Server 12
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
ModerateCVE-2007-5970SUSE bug 348307CVE-2007-6600SUSE Linux Enterprise Server 12
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
ModerateCVE-2007-6600SUSE bug 329282SUSE bug 537706CVE-2008-0928SUSE Linux Enterprise Server 12
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
ModerateCVE-2008-0928SUSE bug 362956CVE-2008-1420SUSE Linux Enterprise Server 12
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
ModerateCVE-2008-1420SUSE bug 372246CVE-2008-1686SUSE Linux Enterprise Server 12
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
CriticalCVE-2008-1686SUSE bug 377602SUSE bug 379098CVE-2008-1945SUSE Linux Enterprise Server 12
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
ModerateCVE-2008-1945SUSE bug 362956CVE-2008-2382SUSE Linux Enterprise Server 12
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
ModerateCVE-2008-2382SUSE bug 461565SUSE bug 464142CVE-2008-3825SUSE Linux Enterprise Server 12
pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance.
ModerateCVE-2008-3825SUSE bug 425861CVE-2008-4225SUSE Linux Enterprise Server 12
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
ImportantCVE-2008-4225SUSE bug 445677CVE-2008-4226SUSE Linux Enterprise Server 12
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
CriticalCVE-2008-4226SUSE bug 441368CVE-2008-4316SUSE Linux Enterprise Server 12
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
ModerateCVE-2008-4316SUSE bug 382708SUSE bug 449927SUSE bug 475541CVE-2008-4409SUSE Linux Enterprise Server 12
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.
ModerateCVE-2008-4409SUSE bug 432486CVE-2008-4539SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
ImportantCVE-2008-4539SUSE bug 435135SUSE bug 448551CVE-2008-4936SUSE Linux Enterprise Server 12
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
ModerateCVE-2008-4936SUSE bug 442596CVE-2008-4989SUSE Linux Enterprise Server 12
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
ModerateCVE-2008-4989SUSE bug 392947SUSE bug 441856SUSE bug 467911CVE-2008-5077SUSE Linux Enterprise Server 12
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
ModerateCVE-2008-5077SUSE bug 459468SUSE bug 465675SUSE bug 465676SUSE bug 468866SUSE bug 470968SUSE bug 475108SUSE bug 552497SUSE bug 629905SUSE bug 708266CVE-2008-5519SUSE Linux Enterprise Server 12
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
ModerateCVE-2008-5519SUSE bug 493575CVE-2008-5913SUSE Linux Enterprise Server 12
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."
LowCVE-2008-5913SUSE bug 468762SUSE bug 603356CVE-2008-7247SUSE Linux Enterprise Server 12
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
ModerateCVE-2008-7247SUSE bug 557669SUSE bug 604528CVE-2009-0023SUSE Linux Enterprise Server 12
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
ModerateCVE-2009-0023SUSE bug 510301CVE-2009-0035SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2009-0035SUSE bug 533396CVE-2009-0037SUSE Linux Enterprise Server 12
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.
ModerateCVE-2009-0037SUSE bug 475103SUSE bug 527990CVE-2009-0040SUSE Linux Enterprise Server 12
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
ModerateCVE-2009-0040SUSE bug 472745SUSE bug 478625SUSE bug 608040CVE-2009-0159SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
ModerateCVE-2009-0159SUSE bug 484653SUSE bug 501632CVE-2009-0163SUSE Linux Enterprise Server 12
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.
ModerateCVE-2009-0163SUSE bug 485895CVE-2009-0186SUSE Linux Enterprise Server 12
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
CriticalCVE-2009-0186SUSE bug 481769CVE-2009-0316SUSE Linux Enterprise Server 12
Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.
ModerateCVE-2009-0316SUSE bug 470100CVE-2009-0368SUSE Linux Enterprise Server 12
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
ModerateCVE-2009-0368SUSE bug 480262SUSE bug 548555CVE-2009-0590SUSE Linux Enterprise Server 12
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
ModerateCVE-2009-0590SUSE bug 459468SUSE bug 489641SUSE bug 629905CVE-2009-0591SUSE Linux Enterprise Server 12
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
ModerateCVE-2009-0591SUSE bug 489641SUSE bug 629905CVE-2009-0652SUSE Linux Enterprise Server 12
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
ImportantCVE-2009-0652SUSE bug 495473CVE-2009-0688SUSE Linux Enterprise Server 12
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.
ModerateCVE-2009-0688SUSE bug 499104CVE-2009-0696SUSE Linux Enterprise Server 12
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
ImportantCVE-2009-0696SUSE bug 526185CVE-2009-0758SUSE Linux Enterprise Server 12
The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.
ModerateCVE-2009-0758SUSE bug 480865CVE-2009-0771SUSE Linux Enterprise Server 12
The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
ImportantCVE-2009-0771SUSE bug 478625CVE-2009-0772SUSE Linux Enterprise Server 12
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
ImportantCVE-2009-0772SUSE bug 478625CVE-2009-0773SUSE Linux Enterprise Server 12
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
ImportantCVE-2009-0773SUSE bug 478625CVE-2009-0774SUSE Linux Enterprise Server 12
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
ImportantCVE-2009-0774SUSE bug 478625CVE-2009-0775SUSE Linux Enterprise Server 12
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
ImportantCVE-2009-0775SUSE bug 478625CVE-2009-0776SUSE Linux Enterprise Server 12
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
ImportantCVE-2009-0776SUSE bug 465291SUSE bug 478625CVE-2009-0777SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
ModerateCVE-2009-0777SUSE bug 478625CVE-2009-0789SUSE Linux Enterprise Server 12
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.
ImportantCVE-2009-0789SUSE bug 459468SUSE bug 489641SUSE bug 629905CVE-2009-0790SUSE Linux Enterprise Server 12
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.
ModerateCVE-2009-0790SUSE bug 487762CVE-2009-0793SUSE Linux Enterprise Server 12
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
ModerateCVE-2009-0793SUSE bug 490610SUSE bug 521512SUSE bug 521513CVE-2009-0799SUSE Linux Enterprise Server 12
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
ModerateCVE-2009-0799SUSE bug 487100CVE-2009-0800SUSE Linux Enterprise Server 12
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
ModerateCVE-2009-0800SUSE bug 487100CVE-2009-0844SUSE Linux Enterprise Server 12
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.
ModerateCVE-2009-0844SUSE bug 486722CVE-2009-0845SUSE Linux Enterprise Server 12
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
ModerateCVE-2009-0845SUSE bug 485894SUSE bug 486722CVE-2009-0846SUSE Linux Enterprise Server 12
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
CriticalCVE-2009-0846SUSE bug 486723CVE-2009-0847SUSE Linux Enterprise Server 12
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.
ImportantCVE-2009-0847SUSE bug 486722CVE-2009-0945SUSE Linux Enterprise Server 12
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
ModerateCVE-2009-0945SUSE bug 512559SUSE bug 515124SUSE bug 541632SUSE bug 601349SUSE bug 644114CVE-2009-0946SUSE Linux Enterprise Server 12
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
ModerateCVE-2009-0946SUSE bug 485889SUSE bug 496289SUSE bug 541626CVE-2009-1044SUSE Linux Enterprise Server 12
Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
ImportantCVE-2009-1044SUSE bug 465291SUSE bug 488955CVE-2009-1169SUSE Linux Enterprise Server 12
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.
ImportantCVE-2009-1169SUSE bug 488955SUSE bug 509766SUSE bug 510964SUSE bug 515951CVE-2009-1179SUSE Linux Enterprise Server 12
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
ModerateCVE-2009-1179SUSE bug 487100CVE-2009-1180SUSE Linux Enterprise Server 12
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
ModerateCVE-2009-1180SUSE bug 487100CVE-2009-1181SUSE Linux Enterprise Server 12
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
ModerateCVE-2009-1181SUSE bug 487100CVE-2009-1182SUSE Linux Enterprise Server 12
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
ModerateCVE-2009-1182SUSE bug 487100CVE-2009-1183SUSE Linux Enterprise Server 12
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
ModerateCVE-2009-1183SUSE bug 487100CVE-2009-1187SUSE Linux Enterprise Server 12
Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).
ModerateCVE-2009-1187SUSE bug 487100SUSE bug 508153SUSE bug 508154SUSE bug 539875SUSE bug 566697CVE-2009-1188SUSE Linux Enterprise Server 12
Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
ModerateCVE-2009-1188SUSE bug 487100SUSE bug 508153SUSE bug 508154SUSE bug 539875SUSE bug 546400SUSE bug 566697CVE-2009-1191SUSE Linux Enterprise Server 12
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
ModerateCVE-2009-1191SUSE bug 521943SUSE bug 539571CVE-2009-1195SUSE Linux Enterprise Server 12
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
ModerateCVE-2009-1195SUSE bug 512583SUSE bug 513080SUSE bug 539571CVE-2009-1210SUSE Linux Enterprise Server 12
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.
ModerateCVE-2009-1210SUSE bug 491449SUSE bug 493584CVE-2009-1252SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
ModerateCVE-2009-1252SUSE bug 501632CVE-2009-1267SUSE Linux Enterprise Server 12
Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors.
ModerateCVE-2009-1267SUSE bug 493584CVE-2009-1268SUSE Linux Enterprise Server 12
The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.
LowCVE-2009-1268SUSE bug 493584CVE-2009-1269SUSE Linux Enterprise Server 12
Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
LowCVE-2009-1269SUSE bug 493584CVE-2009-1273SUSE Linux Enterprise Server 12
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
ModerateCVE-2009-1273SUSE bug 492764SUSE bug 507729CVE-2009-1302SUSE Linux Enterprise Server 12
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
ImportantCVE-2009-1302SUSE bug 495473CVE-2009-1303SUSE Linux Enterprise Server 12
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
ImportantCVE-2009-1303SUSE bug 495473CVE-2009-1304SUSE Linux Enterprise Server 12
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
ImportantCVE-2009-1304SUSE bug 495473CVE-2009-1305SUSE Linux Enterprise Server 12
The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
ImportantCVE-2009-1305SUSE bug 495473CVE-2009-1306SUSE Linux Enterprise Server 12
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
ModerateCVE-2009-1306SUSE bug 495473CVE-2009-1307SUSE Linux Enterprise Server 12
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
ModerateCVE-2009-1307SUSE bug 495473SUSE bug 515951CVE-2009-1308SUSE Linux Enterprise Server 12
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
ModerateCVE-2009-1308SUSE bug 495473CVE-2009-1309SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
ModerateCVE-2009-1309SUSE bug 495473CVE-2009-1310SUSE Linux Enterprise Server 12
Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
LowCVE-2009-1310SUSE bug 495473CVE-2009-1311SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.
ModerateCVE-2009-1311SUSE bug 465291SUSE bug 495473SUSE bug 515951CVE-2009-1312SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.
ModerateCVE-2009-1312SUSE bug 495473CVE-2009-1313SUSE Linux Enterprise Server 12
The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
ImportantCVE-2009-1313SUSE bug 500909SUSE bug 502062CVE-2009-1377SUSE Linux Enterprise Server 12
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
ModerateCVE-2009-1377SUSE bug 459468SUSE bug 504687SUSE bug 629905CVE-2009-1378SUSE Linux Enterprise Server 12
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
ModerateCVE-2009-1378SUSE bug 459468SUSE bug 504687SUSE bug 629905CVE-2009-1379SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
ModerateCVE-2009-1379SUSE bug 459468SUSE bug 504687SUSE bug 629905CVE-2009-1384SUSE Linux Enterprise Server 12
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
LowCVE-2009-1384SUSE bug 507729CVE-2009-1386SUSE Linux Enterprise Server 12
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
ModerateCVE-2009-1386SUSE bug 459468SUSE bug 509031SUSE bug 515659SUSE bug 629905CVE-2009-1387SUSE Linux Enterprise Server 12
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
ModerateCVE-2009-1387SUSE bug 459468SUSE bug 509031SUSE bug 515659SUSE bug 629905CVE-2009-1563SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ImportantCVE-2009-1563SUSE bug 522109SUSE bug 545277SUSE bug 546371SUSE bug 557126SUSE bug 557127SUSE bug 557128SUSE bug 557671CVE-2009-1720SUSE Linux Enterprise Server 12
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.
ModerateCVE-2009-1720SUSE bug 527538SUSE bug 527539CVE-2009-1721SUSE Linux Enterprise Server 12
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
ModerateCVE-2009-1721SUSE bug 527538SUSE bug 527539CVE-2009-1886SUSE Linux Enterprise Server 12
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
CriticalCVE-2009-1886SUSE bug 513360SUSE bug 515479CVE-2009-1888SUSE Linux Enterprise Server 12
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
LowCVE-2009-1888SUSE bug 513360SUSE bug 515479CVE-2009-1890SUSE Linux Enterprise Server 12
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
ModerateCVE-2009-1890SUSE bug 519194CVE-2009-1891SUSE Linux Enterprise Server 12
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
ModerateCVE-2009-1891SUSE bug 521906CVE-2009-1892SUSE Linux Enterprise Server 12
dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.
ModerateCVE-2009-1892SUSE bug 519413CVE-2009-1955SUSE Linux Enterprise Server 12
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
ModerateCVE-2009-1955SUSE bug 509825SUSE bug 510301SUSE bug 529591SUSE bug 992541CVE-2009-1956SUSE Linux Enterprise Server 12
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
ModerateCVE-2009-1956SUSE bug 510301CVE-2009-2285SUSE Linux Enterprise Server 12
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
ModerateCVE-2009-2285SUSE bug 518698CVE-2009-2347SUSE Linux Enterprise Server 12
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
ModerateCVE-2009-2347SUSE bug 519796SUSE bug 616827CVE-2009-2412SUSE Linux Enterprise Server 12
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
ModerateCVE-2009-2412SUSE bug 528714SUSE bug 529591SUSE bug 802057CVE-2009-2417SUSE Linux Enterprise Server 12
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
ModerateCVE-2009-2417SUSE bug 527990SUSE bug 528372CVE-2009-2470SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply.
ModerateCVE-2009-2470CVE-2009-2473SUSE Linux Enterprise Server 12
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
ModerateCVE-2009-2473SUSE bug 528370SUSE bug 532345CVE-2009-2474SUSE Linux Enterprise Server 12
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
ModerateCVE-2009-2474SUSE bug 528370CVE-2009-2624SUSE Linux Enterprise Server 12
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.
ModerateCVE-2009-2624SUSE bug 570331SUSE bug 588113CVE-2009-2625SUSE Linux Enterprise Server 12
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
ImportantCVE-2009-2625SUSE bug 525562SUSE bug 530717SUSE bug 534025SUSE bug 534721SUSE bug 537969SUSE bug 540945SUSE bug 548655SUSE bug 550664SUSE bug 553220SUSE bug 558892SUSE bug 581162SUSE bug 581765SUSE bug 610080SUSE bug 611931SUSE bug 611932CVE-2009-2654SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
ModerateCVE-2009-2654SUSE bug 527489CVE-2009-2666SUSE Linux Enterprise Server 12
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
ModerateCVE-2009-2666SUSE bug 528746CVE-2009-2699SUSE Linux Enterprise Server 12
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
ModerateCVE-2009-2699SUSE bug 1078450SUSE bug 1095150CVE-2009-2813SUSE Linux Enterprise Server 12
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
ModerateCVE-2009-2813SUSE bug 515479SUSE bug 539517SUSE bug 543115CVE-2009-2820SUSE Linux Enterprise Server 12
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.
ModerateCVE-2009-2820SUSE bug 548317SUSE bug 551563SUSE bug 574336CVE-2009-2906SUSE Linux Enterprise Server 12
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
ModerateCVE-2009-2906SUSE bug 515479SUSE bug 543115CVE-2009-2911SUSE Linux Enterprise Server 12
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.
ModerateCVE-2009-2911SUSE bug 548361SUSE bug 574243CVE-2009-2948SUSE Linux Enterprise Server 12
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
LowCVE-2009-2948SUSE bug 515479SUSE bug 542150SUSE bug 543115CVE-2009-3069SUSE Linux Enterprise Server 12
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2009-3069SUSE bug 534458CVE-2009-3070SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2009-3070SUSE bug 534458SUSE bug 538290CVE-2009-3071SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2009-3071SUSE bug 534458SUSE bug 538290CVE-2009-3072SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
ImportantCVE-2009-3072SUSE bug 534458SUSE bug 538290SUSE bug 590499SUSE bug 607935CVE-2009-3073SUSE Linux Enterprise Server 12
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2009-3073SUSE bug 534458CVE-2009-3074SUSE Linux Enterprise Server 12
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2009-3074SUSE bug 538290CVE-2009-3075SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.
ModerateCVE-2009-3075SUSE bug 534458SUSE bug 538290SUSE bug 590499SUSE bug 607935CVE-2009-3077SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
ImportantCVE-2009-3077SUSE bug 534458SUSE bug 538290SUSE bug 590499SUSE bug 607935CVE-2009-3078SUSE Linux Enterprise Server 12
Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.
ModerateCVE-2009-3078SUSE bug 534458SUSE bug 538290CVE-2009-3079SUSE Linux Enterprise Server 12
Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
ModerateCVE-2009-3079SUSE bug 534458SUSE bug 538290CVE-2009-3094SUSE Linux Enterprise Server 12
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
ModerateCVE-2009-3094SUSE bug 538322CVE-2009-3095SUSE Linux Enterprise Server 12
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
ModerateCVE-2009-3095SUSE bug 538322CVE-2009-3235SUSE Linux Enterprise Server 12
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
ModerateCVE-2009-3235SUSE bug 539876SUSE bug 539877CVE-2009-3241SUSE Linux Enterprise Server 12
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
ModerateCVE-2009-3241SUSE bug 541654CVE-2009-3242SUSE Linux Enterprise Server 12
Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.
ModerateCVE-2009-3242SUSE bug 541659CVE-2009-3243SUSE Linux Enterprise Server 12
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.
ModerateCVE-2009-3243SUSE bug 541655CVE-2009-3274SUSE Linux Enterprise Server 12
Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information.
ModerateCVE-2009-3274SUSE bug 522109SUSE bug 534458SUSE bug 545277CVE-2009-3295SUSE Linux Enterprise Server 12
The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.
ModerateCVE-2009-3295SUSE bug 561347CVE-2009-3297SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0787, CVE-2010-0788, CVE-2010-0789. Reason: this candidate was intended for one issue in Samba, but it was used for multiple distinct issues, including one in FUSE and one in ncpfs. Notes: All CVE users should consult CVE-2010-0787 (Samba), CVE-2010-0788 (ncpfs), and CVE-2010-0789 (FUSE) to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.
LowCVE-2009-3297SUSE bug 550002SUSE bug 550003SUSE bug 550004SUSE bug 577925SUSE bug 583535SUSE bug 583536SUSE bug 594263SUSE bug 620680SUSE bug 651598CVE-2009-3370SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
ModerateCVE-2009-3370SUSE bug 522109SUSE bug 545277CVE-2009-3371SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.
CriticalCVE-2009-3371SUSE bug 522109SUSE bug 545277CVE-2009-3372SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
ModerateCVE-2009-3372SUSE bug 522109SUSE bug 545277CVE-2009-3373SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
ModerateCVE-2009-3373SUSE bug 522109SUSE bug 545277SUSE bug 557686CVE-2009-3374SUSE Linux Enterprise Server 12
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
ImportantCVE-2009-3374SUSE bug 522109SUSE bug 545277CVE-2009-3375SUSE Linux Enterprise Server 12
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
ModerateCVE-2009-3375SUSE bug 522109SUSE bug 545277CVE-2009-3376SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
LowCVE-2009-3376SUSE bug 522109SUSE bug 545277SUSE bug 590499SUSE bug 607935CVE-2009-3377SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2009-3377SUSE bug 522109SUSE bug 545277CVE-2009-3378SUSE Linux Enterprise Server 12
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
CriticalCVE-2009-3378SUSE bug 522109SUSE bug 545277CVE-2009-3379SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
ModerateCVE-2009-3379SUSE bug 522109SUSE bug 545277SUSE bug 608192CVE-2009-3380SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2009-3380SUSE bug 522109SUSE bug 545277CVE-2009-3381SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2009-3381SUSE bug 522109SUSE bug 545277CVE-2009-3383SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2009-3383SUSE bug 522109SUSE bug 545277CVE-2009-3388SUSE Linux Enterprise Server 12
liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."
CriticalCVE-2009-3388SUSE bug 559807CVE-2009-3389SUSE Linux Enterprise Server 12
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.
CriticalCVE-2009-3389SUSE bug 559807SUSE bug 581722CVE-2009-3553SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
ModerateCVE-2009-3553SUSE bug 554861SUSE bug 574336SUSE bug 578215CVE-2009-3555SUSE Linux Enterprise Server 12
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
ImportantCVE-2009-3555SUSE bug 1077582SUSE bug 459468SUSE bug 552497SUSE bug 553641SUSE bug 554069SUSE bug 554084SUSE bug 554085SUSE bug 555177SUSE bug 557168SUSE bug 564507SUSE bug 566041SUSE bug 584292SUSE bug 586567SUSE bug 586809SUSE bug 588996SUSE bug 590826SUSE bug 592589SUSE bug 594415SUSE bug 604782SUSE bug 614753SUSE bug 622073SUSE bug 623905SUSE bug 629905SUSE bug 642531SUSE bug 646073SUSE bug 646906SUSE bug 648140SUSE bug 648950SUSE bug 659926SUSE bug 670152SUSE bug 704832SUSE bug 728876SUSE bug 729181SUSE bug 753357SUSE bug 791794SUSE bug 799454SUSE bug 815621SUSE bug 979060SUSE bug 986238CVE-2009-3560SUSE Linux Enterprise Server 12
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
ModerateCVE-2009-3560SUSE bug 550666SUSE bug 558892SUSE bug 561561SUSE bug 581162SUSE bug 581765SUSE bug 611931SUSE bug 694595SUSE bug 725950CVE-2009-3607SUSE Linux Enterprise Server 12
Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
CriticalCVE-2009-3607SUSE bug 546393SUSE bug 566697CVE-2009-3608SUSE Linux Enterprise Server 12
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
ModerateCVE-2009-3608SUSE bug 543090SUSE bug 543410SUSE bug 546400SUSE bug 546404SUSE bug 556049SUSE bug 566697CVE-2009-3627SUSE Linux Enterprise Server 12
The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.
ModerateCVE-2009-3627SUSE bug 550076SUSE bug 585716CVE-2009-3700SUSE Linux Enterprise Server 12
Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode."
ModerateCVE-2009-3700SUSE bug 550930CVE-2009-3720SUSE Linux Enterprise Server 12
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
ModerateCVE-2009-3720SUSE bug 534721SUSE bug 550664SUSE bug 550666SUSE bug 558892SUSE bug 561561SUSE bug 581162SUSE bug 581765SUSE bug 611931SUSE bug 725950CVE-2009-3736SUSE Linux Enterprise Server 12
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
ModerateCVE-2009-3736SUSE bug 556122CVE-2009-3826SUSE Linux Enterprise Server 12
Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL.
ModerateCVE-2009-3826SUSE bug 550930CVE-2009-3939SUSE Linux Enterprise Server 12
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
ModerateCVE-2009-3939SUSE bug 555173SUSE bug 557180CVE-2009-3979SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2009-3979SUSE bug 559807CVE-2009-3980SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2009-3980SUSE bug 559807CVE-2009-3982SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2009-3982SUSE bug 559807CVE-2009-3983SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
ModerateCVE-2009-3983SUSE bug 559807SUSE bug 590499SUSE bug 607935CVE-2009-3984SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.
ModerateCVE-2009-3984SUSE bug 559807CVE-2009-3985SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
ModerateCVE-2009-3985SUSE bug 559807CVE-2009-4019SUSE Linux Enterprise Server 12
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
LowCVE-2009-4019SUSE bug 557669SUSE bug 604528CVE-2009-4022SUSE Linux Enterprise Server 12
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
ImportantCVE-2009-4022SUSE bug 558260SUSE bug 570912SUSE bug 644911CVE-2009-4026SUSE Linux Enterprise Server 12
The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch."
ImportantCVE-2009-4026SUSE bug 558267CVE-2009-4027SUSE Linux Enterprise Server 12
Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session.
ImportantCVE-2009-4027SUSE bug 558267CVE-2009-4028SUSE Linux Enterprise Server 12
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
ModerateCVE-2009-4028SUSE bug 557669SUSE bug 604528CVE-2009-4029SUSE Linux Enterprise Server 12
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
LowCVE-2009-4029SUSE bug 559815SUSE bug 770618SUSE bug 786745CVE-2009-4030SUSE Linux Enterprise Server 12
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
LowCVE-2009-4030SUSE bug 557669SUSE bug 604528CVE-2009-4034SUSE Linux Enterprise Server 12
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
LowCVE-2009-4034SUSE bug 564710SUSE bug 603968CVE-2009-4131SUSE Linux Enterprise Server 12
The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.
ImportantCVE-2009-4131SUSE bug 561018SUSE bug 564380CVE-2009-4136SUSE Linux Enterprise Server 12
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
ModerateCVE-2009-4136SUSE bug 564360SUSE bug 603969CVE-2009-4138SUSE Linux Enterprise Server 12
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.
ModerateCVE-2009-4138SUSE bug 564712CVE-2009-4212SUSE Linux Enterprise Server 12
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
CriticalCVE-2009-4212SUSE bug 561351CVE-2009-4273SUSE Linux Enterprise Server 12
stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
ImportantCVE-2009-4273SUSE bug 574243CVE-2009-4492SUSE Linux Enterprise Server 12
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
ModerateCVE-2009-4492SUSE bug 570616SUSE bug 580482CVE-2009-4536SUSE Linux Enterprise Server 12
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
ImportantCVE-2009-4536SUSE bug 567376CVE-2009-4538SUSE Linux Enterprise Server 12
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
ModerateCVE-2009-4538SUSE bug 567376CVE-2009-5029SUSE Linux Enterprise Server 12
Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
ModerateCVE-2009-5029SUSE bug 735850SUSE bug 736174SUSE bug 759836SUSE bug 826666SUSE bug 920055CVE-2009-5044SUSE Linux Enterprise Server 12
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
ModerateCVE-2009-5044SUSE bug 698290SUSE bug 703666CVE-2009-5080SUSE Linux Enterprise Server 12
The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.
LowCVE-2009-5080SUSE bug 703665CVE-2009-5081SUSE Linux Enterprise Server 12
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.
LowCVE-2009-5081SUSE bug 703666CVE-2010-0001SUSE Linux Enterprise Server 12
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
ImportantCVE-2010-0001SUSE bug 570331SUSE bug 588113CVE-2010-0164SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values.
CriticalCVE-2010-0164CVE-2010-0165SUSE Linux Enterprise Server 12
The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function.
CriticalCVE-2010-0165CVE-2010-0166SUSE Linux Enterprise Server 12
The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters.
ModerateCVE-2010-0166CVE-2010-0167SUSE Linux Enterprise Server 12
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.
ImportantCVE-2010-0167CVE-2010-0168SUSE Linux Enterprise Server 12
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting.
ImportantCVE-2010-0168CVE-2010-0169SUSE Linux Enterprise Server 12
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.
ModerateCVE-2010-0169CVE-2010-0170SUSE Linux Enterprise Server 12
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.
ModerateCVE-2010-0170CVE-2010-0171SUSE Linux Enterprise Server 12
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.
ModerateCVE-2010-0171CVE-2010-0172SUSE Linux Enterprise Server 12
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.
ModerateCVE-2010-0172CVE-2010-0173SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2010-0173SUSE bug 586567CVE-2010-0174SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2010-0174SUSE bug 586567CVE-2010-0176SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability."
ImportantCVE-2010-0176SUSE bug 586567CVE-2010-0177SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability."
ImportantCVE-2010-0177SUSE bug 586567CVE-2010-0178SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.
ImportantCVE-2010-0178SUSE bug 586567CVE-2010-0181SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images.
ModerateCVE-2010-0181SUSE bug 586567CVE-2010-0182SUSE Linux Enterprise Server 12
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.
ModerateCVE-2010-0182SUSE bug 586567CVE-2010-0283SUSE Linux Enterprise Server 12
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
ImportantCVE-2010-0283SUSE bug 571781SUSE bug 576524CVE-2010-0393SUSE Linux Enterprise Server 12
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.
ModerateCVE-2010-0393SUSE bug 574336CVE-2010-0405SUSE Linux Enterprise Server 12
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
ModerateCVE-2010-0405SUSE bug 636978SUSE bug 646682CVE-2010-0407SUSE Linux Enterprise Server 12
Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.
ModerateCVE-2010-0407SUSE bug 609317SUSE bug 641823CVE-2010-0408SUSE Linux Enterprise Server 12
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
ModerateCVE-2010-0408SUSE bug 586572SUSE bug 601151CVE-2010-0411SUSE Linux Enterprise Server 12
Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
ModerateCVE-2010-0411SUSE bug 574243SUSE bug 577382CVE-2010-0412SUSE Linux Enterprise Server 12
stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273.
ImportantCVE-2010-0412SUSE bug 574243CVE-2010-0424SUSE Linux Enterprise Server 12
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.
ModerateCVE-2010-0424SUSE bug 579447SUSE bug 580800SUSE bug 589640SUSE bug 590353CVE-2010-0425SUSE Linux Enterprise Server 12
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
CriticalCVE-2010-0425SUSE bug 1078450SUSE bug 1095150SUSE bug 586572SUSE bug 601151CVE-2010-0434SUSE Linux Enterprise Server 12
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
LowCVE-2010-0434SUSE bug 586572SUSE bug 601151CVE-2010-0540SUSE Linux Enterprise Server 12
Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.
ModerateCVE-2010-0540SUSE bug 601830SUSE bug 671735SUSE bug 680210SUSE bug 680212SUSE bug 700987SUSE bug 711490SUSE bug 715643SUSE bug 748422CVE-2010-0541SUSE Linux Enterprise Server 12
Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.
ModerateCVE-2010-0541SUSE bug 600752CVE-2010-0542SUSE Linux Enterprise Server 12
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.
ModerateCVE-2010-0542SUSE bug 601352SUSE bug 644521SUSE bug 657780CVE-2010-0547SUSE Linux Enterprise Server 12
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.
ModerateCVE-2010-0547SUSE bug 577868SUSE bug 577925SUSE bug 583535SUSE bug 583536SUSE bug 594263SUSE bug 597421SUSE bug 602694SUSE bug 709819CVE-2010-0624SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
ModerateCVE-2010-0624SUSE bug 579475SUSE bug 608034CVE-2010-0628SUSE Linux Enterprise Server 12
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
ImportantCVE-2010-0628SUSE bug 582557SUSE bug 586981CVE-2010-0654SUSE Linux Enterprise Server 12
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
ModerateCVE-2010-0654SUSE bug 583603SUSE bug 622506CVE-2010-0728SUSE Linux Enterprise Server 12
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.
ImportantCVE-2010-0728SUSE bug 586683CVE-2010-0740SUSE Linux Enterprise Server 12
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
ModerateCVE-2010-0740SUSE bug 590833SUSE bug 629905CVE-2010-0742SUSE Linux Enterprise Server 12
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.
ModerateCVE-2010-0742SUSE bug 610642CVE-2010-0750SUSE Linux Enterprise Server 12
pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.
ModerateCVE-2010-0750SUSE bug 593959CVE-2010-0787SUSE Linux Enterprise Server 12
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.
ModerateCVE-2010-0787SUSE bug 550002SUSE bug 602694SUSE bug 620680CVE-2010-0926SUSE Linux Enterprise Server 12
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
ModerateCVE-2010-0926SUSE bug 1027147SUSE bug 577868SUSE bug 597421CVE-2010-1028SUSE Linux Enterprise Server 12
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.
CriticalCVE-2010-1028CVE-2010-1121SUSE Linux Enterprise Server 12
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
ImportantCVE-2010-1121SUSE bug 603356CVE-2010-1125SUSE Linux Enterprise Server 12
The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.
ModerateCVE-2010-1125SUSE bug 603356CVE-2010-1146SUSE Linux Enterprise Server 12
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.
ModerateCVE-2010-1146SUSE bug 593906CVE-2010-1163SUSE Linux Enterprise Server 12
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
ModerateCVE-2010-1163SUSE bug 594738CVE-2010-1167SUSE Linux Enterprise Server 12
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.
ModerateCVE-2010-1167SUSE bug 597673CVE-2010-1169SUSE Linux Enterprise Server 12
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.
ModerateCVE-2010-1169SUSE bug 605926SUSE bug 648140CVE-2010-1170SUSE Linux Enterprise Server 12
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.
ModerateCVE-2010-1170SUSE bug 605845SUSE bug 605926SUSE bug 634562SUSE bug 648140CVE-2010-1172SUSE Linux Enterprise Server 12
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.
ModerateCVE-2010-1172SUSE bug 628607SUSE bug 633621SUSE bug 633622SUSE bug 633623SUSE bug 633629SUSE bug 633637SUSE bug 633639SUSE bug 633648SUSE bug 633652SUSE bug 633653SUSE bug 633654SUSE bug 633658SUSE bug 633660SUSE bug 633678SUSE bug 633679SUSE bug 633681SUSE bug 633682SUSE bug 633685SUSE bug 633686SUSE bug 633700SUSE bug 633701SUSE bug 633702CVE-2010-1196SUSE Linux Enterprise Server 12
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.
ImportantCVE-2010-1196SUSE bug 603356SUSE bug 617399CVE-2010-1197SUSE Linux Enterprise Server 12
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.
ModerateCVE-2010-1197SUSE bug 603356SUSE bug 617399CVE-2010-1198SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.
ImportantCVE-2010-1198SUSE bug 603356SUSE bug 617399CVE-2010-1199SUSE Linux Enterprise Server 12
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.
ImportantCVE-2010-1199SUSE bug 603356SUSE bug 617399CVE-2010-1200SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2010-1200SUSE bug 603356SUSE bug 617399CVE-2010-1201SUSE Linux Enterprise Server 12
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2010-1201SUSE bug 603356SUSE bug 617399CVE-2010-1202SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2010-1202SUSE bug 603356SUSE bug 617399CVE-2010-1203SUSE Linux Enterprise Server 12
The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.
ImportantCVE-2010-1203SUSE bug 603356SUSE bug 617399CVE-2010-1205SUSE Linux Enterprise Server 12
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
ImportantCVE-2010-1205SUSE bug 617866SUSE bug 622506SUSE bug 639941SUSE bug 854395CVE-2010-1206SUSE Linux Enterprise Server 12
The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.
ModerateCVE-2010-1206SUSE bug 618183SUSE bug 622506CVE-2010-1207SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.
ModerateCVE-2010-1207SUSE bug 622506CVE-2010-1208SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
ImportantCVE-2010-1208SUSE bug 622506CVE-2010-1209SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback.
ImportantCVE-2010-1209SUSE bug 622506CVE-2010-1210SUSE Linux Enterprise Server 12
intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text.
ModerateCVE-2010-1210SUSE bug 622506CVE-2010-1211SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2010-1211SUSE bug 622506CVE-2010-1212SUSE Linux Enterprise Server 12
js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function.
ImportantCVE-2010-1212SUSE bug 622506CVE-2010-1213SUSE Linux Enterprise Server 12
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.
ModerateCVE-2010-1213SUSE bug 622506CVE-2010-1214SUSE Linux Enterprise Server 12
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.
ImportantCVE-2010-1214SUSE bug 622506CVE-2010-1215SUSE Linux Enterprise Server 12
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
ImportantCVE-2010-1215SUSE bug 622506CVE-2010-1320SUSE Linux Enterprise Server 12
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.
ImportantCVE-2010-1320SUSE bug 596002CVE-2010-1321SUSE Linux Enterprise Server 12
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
ModerateCVE-2010-1321SUSE bug 596826SUSE bug 611090SUSE bug 646073SUSE bug 648950SUSE bug 658525SUSE bug 659926SUSE bug 663953SUSE bug 679560CVE-2010-1322SUSE Linux Enterprise Server 12
The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.
ModerateCVE-2010-1322SUSE bug 640990CVE-2010-1323SUSE Linux Enterprise Server 12
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.
ModerateCVE-2010-1323SUSE bug 650650CVE-2010-1324SUSE Linux Enterprise Server 12
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
ModerateCVE-2010-1324SUSE bug 650650CVE-2010-1436SUSE Linux Enterprise Server 12
gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system.
ImportantCVE-2010-1436SUSE bug 599957CVE-2010-1452SUSE Linux Enterprise Server 12
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
ModerateCVE-2010-1452SUSE bug 627030CVE-2010-1455SUSE Linux Enterprise Server 12
The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.
ModerateCVE-2010-1455SUSE bug 603251CVE-2010-1623SUSE Linux Enterprise Server 12
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
ModerateCVE-2010-1623SUSE bug 650435SUSE bug 693778SUSE bug 725950SUSE bug 997229CVE-2010-1633SUSE Linux Enterprise Server 12
RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.
LowCVE-2010-1633SUSE bug 610642CVE-2010-1635SUSE Linux Enterprise Server 12
The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.
ModerateCVE-2010-1635SUSE bug 605935CVE-2010-1641SUSE Linux Enterprise Server 12
The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.
ModerateCVE-2010-1641SUSE bug 608576CVE-2010-1642SUSE Linux Enterprise Server 12
The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.
ModerateCVE-2010-1642SUSE bug 605935CVE-2010-1646SUSE Linux Enterprise Server 12
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
ModerateCVE-2010-1646SUSE bug 594738CVE-2010-1674SUSE Linux Enterprise Server 12
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.
LowCVE-2010-1674SUSE bug 654270SUSE bug 685558CVE-2010-1675SUSE Linux Enterprise Server 12
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute.
ModerateCVE-2010-1675SUSE bug 654270SUSE bug 685558CVE-2010-1748SUSE Linux Enterprise Server 12
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
ModerateCVE-2010-1748SUSE bug 601352SUSE bug 604271SUSE bug 644521SUSE bug 649256SUSE bug 657780CVE-2010-2063SUSE Linux Enterprise Server 12
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.
ImportantCVE-2010-2063SUSE bug 611927CVE-2010-2065SUSE Linux Enterprise Server 12
Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.
ModerateCVE-2010-2065SUSE bug 612787SUSE bug 612879CVE-2010-2066SUSE Linux Enterprise Server 12
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.
LowCVE-2010-2066SUSE bug 612457CVE-2010-2067SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.
ImportantCVE-2010-2067SUSE bug 612787SUSE bug 612879CVE-2010-2068SUSE Linux Enterprise Server 12
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
ModerateCVE-2010-2068SUSE bug 627030SUSE bug 627387CVE-2010-2074SUSE Linux Enterprise Server 12
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
ModerateCVE-2010-2074SUSE bug 609451CVE-2010-2156SUSE Linux Enterprise Server 12
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
ModerateCVE-2010-2156SUSE bug 612546CVE-2010-2233SUSE Linux Enterprise Server 12
tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."
ImportantCVE-2010-2233SUSE bug 612879CVE-2010-2240SUSE Linux Enterprise Server 12
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.
ImportantCVE-2010-2240SUSE bug 1039348SUSE bug 211997SUSE bug 546062SUSE bug 59807SUSE bug 615929SUSE bug 618152SUSE bug 632737SUSE bug 643986SUSE bug 746947SUSE bug 746949CVE-2010-2242SUSE Linux Enterprise Server 12
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
ModerateCVE-2010-2242SUSE bug 618155CVE-2010-2244SUSE Linux Enterprise Server 12
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.
ModerateCVE-2010-2244SUSE bug 603289SUSE bug 646961CVE-2010-2252SUSE Linux Enterprise Server 12
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
ModerateCVE-2010-2252SUSE bug 606317CVE-2010-2497SUSE Linux Enterprise Server 12
Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
ImportantCVE-2010-2497SUSE bug 619562SUSE bug 635692CVE-2010-2522SUSE Linux Enterprise Server 12
The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message.
ModerateCVE-2010-2522SUSE bug 424311CVE-2010-2523SUSE Linux Enterprise Server 12
Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact via a crafted (1) ND_OPT_PREFIX_INFORMATION or (2) ND_OPT_HOME_AGENT_INFO packet.
ModerateCVE-2010-2523SUSE bug 424311CVE-2010-2529SUSE Linux Enterprise Server 12
Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.
ImportantCVE-2010-2529SUSE bug 620837CVE-2010-2547SUSE Linux Enterprise Server 12
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
ModerateCVE-2010-2547SUSE bug 625947CVE-2010-2640SUSE Linux Enterprise Server 12
Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
ModerateCVE-2010-2640SUSE bug 660555CVE-2010-2641SUSE Linux Enterprise Server 12
Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
ModerateCVE-2010-2641SUSE bug 660555CVE-2010-2642SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
ModerateCVE-2010-2642SUSE bug 660555SUSE bug 661018SUSE bug 662411SUSE bug 664484SUSE bug 790421CVE-2010-2643SUSE Linux Enterprise Server 12
Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
ModerateCVE-2010-2643SUSE bug 660555CVE-2010-2751SUSE Linux Enterprise Server 12
The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.
ModerateCVE-2010-2751SUSE bug 622506CVE-2010-2752SUSE Linux Enterprise Server 12
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.
ImportantCVE-2010-2752SUSE bug 622506CVE-2010-2753SUSE Linux Enterprise Server 12
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.
ImportantCVE-2010-2753SUSE bug 622506SUSE bug 637303CVE-2010-2754SUSE Linux Enterprise Server 12
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
ModerateCVE-2010-2754SUSE bug 622506CVE-2010-2755SUSE Linux Enterprise Server 12
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
ImportantCVE-2010-2755SUSE bug 622506CVE-2010-2760SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753.
ModerateCVE-2010-2760SUSE bug 637303SUSE bug 638109CVE-2010-2761SUSE Linux Enterprise Server 12
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
ModerateCVE-2010-2761SUSE bug 657343SUSE bug 657731SUSE bug 663396SUSE bug 669245SUSE bug 670476CVE-2010-2762SUSE Linux Enterprise Server 12
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.
ImportantCVE-2010-2762SUSE bug 637303CVE-2010-2764SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.
ModerateCVE-2010-2764SUSE bug 637303SUSE bug 638109CVE-2010-2765SUSE Linux Enterprise Server 12
Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow.
ModerateCVE-2010-2765SUSE bug 637303SUSE bug 638109CVE-2010-2766SUSE Linux Enterprise Server 12
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object.
ModerateCVE-2010-2766SUSE bug 637303SUSE bug 638109CVE-2010-2767SUSE Linux Enterprise Server 12
The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability."
ModerateCVE-2010-2767SUSE bug 637303SUSE bug 638109CVE-2010-2768SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.
ModerateCVE-2010-2768SUSE bug 637303SUSE bug 638109CVE-2010-2769SUSE Linux Enterprise Server 12
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled.
ModerateCVE-2010-2769SUSE bug 637303SUSE bug 638109CVE-2010-2800SUSE Linux Enterprise Server 12
The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.
ModerateCVE-2010-2800SUSE bug 627753CVE-2010-2801SUSE Linux Enterprise Server 12
Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.
ModerateCVE-2010-2801SUSE bug 627753CVE-2010-2805SUSE Linux Enterprise Server 12
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
ModerateCVE-2010-2805SUSE bug 629447SUSE bug 635692CVE-2010-2891SUSE Linux Enterprise Server 12
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.
ModerateCVE-2010-2891SUSE bug 649867CVE-2010-2939SUSE Linux Enterprise Server 12
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
ModerateCVE-2010-2939SUSE bug 489641SUSE bug 629905CVE-2010-2941SUSE Linux Enterprise Server 12
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
ModerateCVE-2010-2941SUSE bug 649256SUSE bug 654627CVE-2010-2942SUSE Linux Enterprise Server 12
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
ModerateCVE-2010-2942SUSE bug 632309SUSE bug 642324CVE-2010-2947SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.
ImportantCVE-2010-2947SUSE bug 631582CVE-2010-2954SUSE Linux Enterprise Server 12
The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.
ModerateCVE-2010-2954SUSE bug 636112CVE-2010-2955SUSE Linux Enterprise Server 12
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.
ModerateCVE-2010-2955SUSE bug 635413CVE-2010-2993SUSE Linux Enterprise Server 12
The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
ModerateCVE-2010-2993SUSE bug 630599CVE-2010-3053SUSE Linux Enterprise Server 12
bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.
ModerateCVE-2010-3053SUSE bug 633938SUSE bug 635692SUSE bug 645982CVE-2010-3054SUSE Linux Enterprise Server 12
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
ModerateCVE-2010-3054SUSE bug 633943SUSE bug 635692SUSE bug 645982CVE-2010-3069SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
ImportantCVE-2010-3069SUSE bug 637218CVE-2010-3081SUSE Linux Enterprise Server 12
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.
ImportantCVE-2010-3081SUSE bug 639709SUSE bug 641575SUSE bug 871595CVE-2010-3166SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run.
ModerateCVE-2010-3166SUSE bug 637303SUSE bug 638109CVE-2010-3167SUSE Linux Enterprise Server 12
The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability."
ModerateCVE-2010-3167SUSE bug 637303SUSE bug 638109CVE-2010-3168SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties.
ModerateCVE-2010-3168SUSE bug 637303SUSE bug 638109CVE-2010-3169SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2010-3169SUSE bug 637303SUSE bug 638109CVE-2010-3170SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
ModerateCVE-2010-3170SUSE bug 637290SUSE bug 645315SUSE bug 652858SUSE bug 868629CVE-2010-3173SUSE Linux Enterprise Server 12
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
ModerateCVE-2010-3173SUSE bug 645315CVE-2010-3174SUSE Linux Enterprise Server 12
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2010-3174SUSE bug 645315SUSE bug 652858CVE-2010-3175SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2010-3175SUSE bug 645315SUSE bug 652858CVE-2010-3176SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2010-3176SUSE bug 645315SUSE bug 652858CVE-2010-3177SUSE Linux Enterprise Server 12
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.
ModerateCVE-2010-3177SUSE bug 645315SUSE bug 652858CVE-2010-3178SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.
ModerateCVE-2010-3178SUSE bug 645315SUSE bug 652858CVE-2010-3179SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.
ImportantCVE-2010-3179SUSE bug 645315SUSE bug 652858CVE-2010-3180SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.
ImportantCVE-2010-3180SUSE bug 645315SUSE bug 652858CVE-2010-3182SUSE Linux Enterprise Server 12
A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
ModerateCVE-2010-3182SUSE bug 642502SUSE bug 645315SUSE bug 652858CVE-2010-3183SUSE Linux Enterprise Server 12
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
ImportantCVE-2010-3183SUSE bug 645315SUSE bug 652858CVE-2010-3296SUSE Linux Enterprise Server 12
The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call.
ModerateCVE-2010-3296SUSE bug 639481SUSE bug 649187CVE-2010-3297SUSE Linux Enterprise Server 12
The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.
ModerateCVE-2010-3297SUSE bug 639482SUSE bug 649187CVE-2010-3298SUSE Linux Enterprise Server 12
The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
ModerateCVE-2010-3298SUSE bug 639483SUSE bug 649187CVE-2010-3301SUSE Linux Enterprise Server 12
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.
ImportantCVE-2010-3301SUSE bug 639708CVE-2010-3310SUSE Linux Enterprise Server 12
Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions.
ImportantCVE-2010-3310SUSE bug 640721CVE-2010-3311SUSE Linux Enterprise Server 12
Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
ModerateCVE-2010-3311SUSE bug 635692SUSE bug 641580SUSE bug 645982CVE-2010-3430SUSE Linux Enterprise Server 12
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.
ModerateCVE-2010-3430SUSE bug 623457SUSE bug 631802CVE-2010-3431SUSE Linux Enterprise Server 12
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.
ModerateCVE-2010-3431SUSE bug 623457CVE-2010-3433SUSE Linux Enterprise Server 12
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
ModerateCVE-2010-3433SUSE bug 643771SUSE bug 648140CVE-2010-3445SUSE Linux Enterprise Server 12
Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.
ModerateCVE-2010-3445SUSE bug 643078CVE-2010-3609SUSE Linux Enterprise Server 12
The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
ModerateCVE-2010-3609SUSE bug 642571CVE-2010-3611SUSE Linux Enterprise Server 12
ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.
ModerateCVE-2010-3611SUSE bug 650902SUSE bug 667655CVE-2010-3613SUSE Linux Enterprise Server 12
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.
ImportantCVE-2010-3613SUSE bug 657129CVE-2010-3614SUSE Linux Enterprise Server 12
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.
ModerateCVE-2010-3614SUSE bug 657102CVE-2010-3615SUSE Linux Enterprise Server 12
named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.
ImportantCVE-2010-3615SUSE bug 657120CVE-2010-3616SUSE Linux Enterprise Server 12
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.
ModerateCVE-2010-3616SUSE bug 659059CVE-2010-3765SUSE Linux Enterprise Server 12
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
ImportantCVE-2010-3765SUSE bug 649492SUSE bug 652858CVE-2010-3814SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.
ModerateCVE-2010-3814SUSE bug 647375SUSE bug 689174CVE-2010-3853SUSE Linux Enterprise Server 12
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
ModerateCVE-2010-3853SUSE bug 647958CVE-2010-3855SUSE Linux Enterprise Server 12
Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.
ModerateCVE-2010-3855SUSE bug 647375SUSE bug 689174CVE-2010-3864SUSE Linux Enterprise Server 12
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
ImportantCVE-2010-3864SUSE bug 629905SUSE bug 651003CVE-2010-4000SUSE Linux Enterprise Server 12
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
ModerateCVE-2010-4000SUSE bug 642827CVE-2010-4020SUSE Linux Enterprise Server 12
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
ModerateCVE-2010-4020SUSE bug 650650CVE-2010-4021SUSE Linux Enterprise Server 12
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."
ModerateCVE-2010-4021SUSE bug 650650CVE-2010-4022SUSE Linux Enterprise Server 12
The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.
ModerateCVE-2010-4022SUSE bug 662665CVE-2010-4267SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.
ModerateCVE-2010-4267SUSE bug 336658SUSE bug 808355CVE-2010-4300SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.
ModerateCVE-2010-4300SUSE bug 655448CVE-2010-4301SUSE Linux Enterprise Server 12
epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.
ModerateCVE-2010-4301SUSE bug 655448CVE-2010-4341SUSE Linux Enterprise Server 12
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.
ModerateCVE-2010-4341SUSE bug 660481CVE-2010-4352SUSE Linux Enterprise Server 12
Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
ModerateCVE-2010-4352SUSE bug 659934CVE-2010-4410SUSE Linux Enterprise Server 12
CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.
ModerateCVE-2010-4410SUSE bug 657343SUSE bug 660127SUSE bug 663396SUSE bug 670476CVE-2010-4411SUSE Linux Enterprise Server 12
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
ModerateCVE-2010-4411SUSE bug 657343SUSE bug 657731SUSE bug 663396SUSE bug 669245SUSE bug 670476CVE-2010-4494SUSE Linux Enterprise Server 12
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
ModerateCVE-2010-4494SUSE bug 1123919SUSE bug 661471CVE-2010-4523SUSE Linux Enterprise Server 12
Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.
ModerateCVE-2010-4523SUSE bug 660109CVE-2010-4530SUSE Linux Enterprise Server 12
Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.
ModerateCVE-2010-4530SUSE bug 661000CVE-2010-4531SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.
ModerateCVE-2010-4531SUSE bug 661000CVE-2010-4538SUSE Linux Enterprise Server 12
Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression.
ModerateCVE-2010-4538SUSE bug 662029CVE-2010-4651SUSE Linux Enterprise Server 12
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.
ModerateCVE-2010-4651SUSE bug 1093615SUSE bug 1101128SUSE bug 662957CVE-2010-4665SUSE Linux Enterprise Server 12
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.
ModerateCVE-2010-4665SUSE bug 687442SUSE bug 854393CVE-2010-4777SUSE Linux Enterprise Server 12
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
ModerateCVE-2010-4777CVE-2010-5298SUSE Linux Enterprise Server 12
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
ModerateCVE-2010-5298SUSE bug 873351SUSE bug 880891SUSE bug 883126SUSE bug 915913CVE-2011-0010SUSE Linux Enterprise Server 12
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
ModerateCVE-2011-0010SUSE bug 663881CVE-2011-0014SUSE Linux Enterprise Server 12
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
ModerateCVE-2011-0014SUSE bug 670526CVE-2011-0020SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
ModerateCVE-2011-0020SUSE bug 666101CVE-2011-0024SUSE Linux Enterprise Server 12
Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.
ModerateCVE-2011-0024SUSE bug 683335CVE-2011-0064SUSE Linux Enterprise Server 12
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
ModerateCVE-2011-0064SUSE bug 666101SUSE bug 672502CVE-2011-0068SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
LowCVE-2011-0068SUSE bug 689281CVE-2011-0069SUSE Linux Enterprise Server 12
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.
ModerateCVE-2011-0069SUSE bug 689281CVE-2011-0070SUSE Linux Enterprise Server 12
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.
ImportantCVE-2011-0070SUSE bug 689281CVE-2011-0079SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors.
CriticalCVE-2011-0079SUSE bug 689281CVE-2011-0080SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2011-0080SUSE bug 689281CVE-2011-0081SUSE Linux Enterprise Server 12
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2011-0081SUSE bug 689281CVE-2011-0084SUSE Linux Enterprise Server 12
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
ImportantCVE-2011-0084SUSE bug 712224CVE-2011-0192SUSE Linux Enterprise Server 12
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
ImportantCVE-2011-0192SUSE bug 672510SUSE bug 682053SUSE bug 682871SUSE bug 854393CVE-2011-0226SUSE Linux Enterprise Server 12
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
ModerateCVE-2011-0226SUSE bug 704612SUSE bug 728044CVE-2011-0281SUSE Linux Enterprise Server 12
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
ModerateCVE-2011-0281SUSE bug 663619CVE-2011-0282SUSE Linux Enterprise Server 12
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
ModerateCVE-2011-0282SUSE bug 663619CVE-2011-0284SUSE Linux Enterprise Server 12
Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.
ModerateCVE-2011-0284SUSE bug 671717CVE-2011-0285SUSE Linux Enterprise Server 12
The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.
ModerateCVE-2011-0285SUSE bug 687469CVE-2011-0413SUSE Linux Enterprise Server 12
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
ModerateCVE-2011-0413SUSE bug 667655SUSE bug 680298CVE-2011-0414SUSE Linux Enterprise Server 12
ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.
ImportantCVE-2011-0414SUSE bug 674431CVE-2011-0419SUSE Linux Enterprise Server 12
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
ModerateCVE-2011-0419SUSE bug 693778SUSE bug 700212CVE-2011-0421SUSE Linux Enterprise Server 12
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
ModerateCVE-2011-0421SUSE bug 681193CVE-2011-0460SUSE Linux Enterprise Server 12
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.
ModerateCVE-2011-0460CVE-2011-0461SUSE Linux Enterprise Server 12
/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab.
ModerateCVE-2011-0461SUSE bug 665479CVE-2011-0465SUSE Linux Enterprise Server 12
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
ImportantCVE-2011-0465SUSE bug 674733SUSE bug 688931CVE-2011-0538SUSE Linux Enterprise Server 12
Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.
ModerateCVE-2011-0538SUSE bug 669908CVE-2011-0541SUSE Linux Enterprise Server 12
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.
ModerateCVE-2011-0541SUSE bug 668820SUSE bug 685055CVE-2011-0707SUSE Linux Enterprise Server 12
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
ModerateCVE-2011-0707SUSE bug 671745CVE-2011-0712SUSE Linux Enterprise Server 12
Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.
ModerateCVE-2011-0712SUSE bug 672499CVE-2011-0713SUSE Linux Enterprise Server 12
Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file.
ModerateCVE-2011-0713SUSE bug 672916CVE-2011-0719SUSE Linux Enterprise Server 12
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
ModerateCVE-2011-0719SUSE bug 670431CVE-2011-0904SUSE Linux Enterprise Server 12
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
ImportantCVE-2011-0904SUSE bug 690238SUSE bug 691207SUSE bug 691356CVE-2011-0905SUSE Linux Enterprise Server 12
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
LowCVE-2011-0905SUSE bug 690238SUSE bug 691207SUSE bug 691356CVE-2011-0997SUSE Linux Enterprise Server 12
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
ImportantCVE-2011-0997SUSE bug 675052SUSE bug 689182SUSE bug 708527SUSE bug 715172CVE-2011-1002SUSE Linux Enterprise Server 12
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
ModerateCVE-2011-1002SUSE bug 671797CVE-2011-1004SUSE Linux Enterprise Server 12
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
ModerateCVE-2011-1004SUSE bug 673740CVE-2011-1005SUSE Linux Enterprise Server 12
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
ModerateCVE-2011-1005SUSE bug 673750SUSE bug 783511SUSE bug 783525SUSE bug 880899CVE-2011-1006SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.
ImportantCVE-2011-1006SUSE bug 675506CVE-2011-1018SUSE Linux Enterprise Server 12
logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.
ImportantCVE-2011-1018SUSE bug 674984CVE-2011-1020SUSE Linux Enterprise Server 12
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
ModerateCVE-2011-1020SUSE bug 674982CVE-2011-1022SUSE Linux Enterprise Server 12
The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.
ModerateCVE-2011-1022SUSE bug 675048CVE-2011-1097SUSE Linux Enterprise Server 12
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.
ModerateCVE-2011-1097SUSE bug 684387CVE-2011-1098SUSE Linux Enterprise Server 12
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
ModerateCVE-2011-1098SUSE bug 1007000SUSE bug 1136195SUSE bug 677335SUSE bug 677336CVE-2011-1138SUSE Linux Enterprise Server 12
Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet.
ModerateCVE-2011-1138SUSE bug 678567CVE-2011-1139SUSE Linux Enterprise Server 12
wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field.
ModerateCVE-2011-1139SUSE bug 678568CVE-2011-1140SUSE Linux Enterprise Server 12
Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
ModerateCVE-2011-1140SUSE bug 678569CVE-2011-1143SUSE Linux Enterprise Server 12
epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.
ModerateCVE-2011-1143SUSE bug 678571CVE-2011-1145SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2011-1145SUSE bug 678796SUSE bug 764737CVE-2011-1146SUSE Linux Enterprise Server 12
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.
ModerateCVE-2011-1146SUSE bug 678406CVE-2011-1154SUSE Linux Enterprise Server 12
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
ModerateCVE-2011-1154SUSE bug 677335SUSE bug 679661SUSE bug 681984CVE-2011-1155SUSE Linux Enterprise Server 12
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
ModerateCVE-2011-1155SUSE bug 677335SUSE bug 679662CVE-2011-1164SUSE Linux Enterprise Server 12
Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
ModerateCVE-2011-1164SUSE bug 680072CVE-2011-1167SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
ModerateCVE-2011-1167SUSE bug 683337SUSE bug 854393CVE-2011-1176SUSE Linux Enterprise Server 12
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
ModerateCVE-2011-1176SUSE bug 681176CVE-2011-1187SUSE Linux Enterprise Server 12
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
ModerateCVE-2011-1187SUSE bug 758408CVE-2011-1202SUSE Linux Enterprise Server 12
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
LowCVE-2011-1202SUSE bug 689281SUSE bug 692619CVE-2011-1485SUSE Linux Enterprise Server 12
Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.
ModerateCVE-2011-1485SUSE bug 688788CVE-2011-1521SUSE Linux Enterprise Server 12
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
ModerateCVE-2011-1521SUSE bug 682554CVE-2011-1526SUSE Linux Enterprise Server 12
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
ModerateCVE-2011-1526SUSE bug 698471CVE-2011-1527SUSE Linux Enterprise Server 12
The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.
ImportantCVE-2011-1527SUSE bug 719393SUSE bug 743742CVE-2011-1528SUSE Linux Enterprise Server 12
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.
ImportantCVE-2011-1528SUSE bug 719393SUSE bug 743742CVE-2011-1529SUSE Linux Enterprise Server 12
The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.
ImportantCVE-2011-1529SUSE bug 719393SUSE bug 743742CVE-2011-1530SUSE Linux Enterprise Server 12
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.
ModerateCVE-2011-1530SUSE bug 730393CVE-2011-1577SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.
ModerateCVE-2011-1577SUSE bug 687113SUSE bug 692784CVE-2011-1590SUSE Linux Enterprise Server 12
The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.
ModerateCVE-2011-1590SUSE bug 688109CVE-2011-1591SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
ModerateCVE-2011-1591SUSE bug 688109CVE-2011-1592SUSE Linux Enterprise Server 12
The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.
ModerateCVE-2011-1592SUSE bug 688109CVE-2011-1709SUSE Linux Enterprise Server 12
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
ModerateCVE-2011-1709SUSE bug 694858CVE-2011-1758SUSE Linux Enterprise Server 12
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.
ModerateCVE-2011-1758SUSE bug 691135CVE-2011-1761SUSE Linux Enterprise Server 12
Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information.
ModerateCVE-2011-1761SUSE bug 691137SUSE bug 710726CVE-2011-1831SUSE Linux Enterprise Server 12
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
ImportantCVE-2011-1831SUSE bug 709771SUSE bug 711539CVE-2011-1832SUSE Linux Enterprise Server 12
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.
ImportantCVE-2011-1832SUSE bug 709771SUSE bug 711539CVE-2011-1833SUSE Linux Enterprise Server 12
Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.
ModerateCVE-2011-1833SUSE bug 709771SUSE bug 711539CVE-2011-1834SUSE Linux Enterprise Server 12
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.
ImportantCVE-2011-1834SUSE bug 709771SUSE bug 711539CVE-2011-1835SUSE Linux Enterprise Server 12
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.
ImportantCVE-2011-1835SUSE bug 709771SUSE bug 711539CVE-2011-1836SUSE Linux Enterprise Server 12
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
ModerateCVE-2011-1836SUSE bug 709771SUSE bug 711539CVE-2011-1837SUSE Linux Enterprise Server 12
The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.
ImportantCVE-2011-1837SUSE bug 709771SUSE bug 711539CVE-2011-1898SUSE Linux Enterprise Server 12
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
ImportantCVE-2011-1898SUSE bug 702025SUSE bug 724906CVE-2011-1907SUSE Linux Enterprise Server 12
ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.
ModerateCVE-2011-1907SUSE bug 692210CVE-2011-1910SUSE Linux Enterprise Server 12
Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
ImportantCVE-2011-1910SUSE bug 696585SUSE bug 698286CVE-2011-1928SUSE Linux Enterprise Server 12
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
LowCVE-2011-1928SUSE bug 693778CVE-2011-1944SUSE Linux Enterprise Server 12
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
ModerateCVE-2011-1944SUSE bug 1123919SUSE bug 697372CVE-2011-1946SUSE Linux Enterprise Server 12
gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of these accounts.
ImportantCVE-2011-1946SUSE bug 695627CVE-2011-1947SUSE Linux Enterprise Server 12
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.
ModerateCVE-2011-1947SUSE bug 697368CVE-2011-1957SUSE Linux Enterprise Server 12
The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length.
ModerateCVE-2011-1957SUSE bug 697516CVE-2011-1958SUSE Linux Enterprise Server 12
Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file.
ModerateCVE-2011-1958SUSE bug 697516CVE-2011-1959SUSE Linux Enterprise Server 12
The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read.
ModerateCVE-2011-1959SUSE bug 697516CVE-2011-2054SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ImportantCVE-2011-2054SUSE bug 709167CVE-2011-2174SUSE Linux Enterprise Server 12
Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression.
ModerateCVE-2011-2174SUSE bug 697516CVE-2011-2175SUSE Linux Enterprise Server 12
Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read.
ModerateCVE-2011-2175SUSE bug 697516CVE-2011-2186SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2011-2186SUSE bug 698456CVE-2011-2199SUSE Linux Enterprise Server 12
Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option.
ModerateCVE-2011-2199SUSE bug 699714CVE-2011-2203SUSE Linux Enterprise Server 12
The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.
ModerateCVE-2011-2203SUSE bug 699709CVE-2011-2366SUSE Linux Enterprise Server 12
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
ModerateCVE-2011-2366SUSE bug 701296CVE-2011-2367SUSE Linux Enterprise Server 12
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors.
ModerateCVE-2011-2367SUSE bug 701296CVE-2011-2368SUSE Linux Enterprise Server 12
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CriticalCVE-2011-2368SUSE bug 701296CVE-2011-2369SUSE Linux Enterprise Server 12
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.
ModerateCVE-2011-2369SUSE bug 701296CVE-2011-2370SUSE Linux Enterprise Server 12
Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.
ModerateCVE-2011-2370SUSE bug 701296CVE-2011-2371SUSE Linux Enterprise Server 12
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
ImportantCVE-2011-2371SUSE bug 701296CVE-2011-2372SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.
ImportantCVE-2011-2372SUSE bug 720264CVE-2011-2373SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
ImportantCVE-2011-2373SUSE bug 701296CVE-2011-2374SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2011-2374SUSE bug 701296CVE-2011-2375SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2011-2375SUSE bug 701296CVE-2011-2377SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.
ImportantCVE-2011-2377SUSE bug 701296CVE-2011-2464SUSE Linux Enterprise Server 12
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
ModerateCVE-2011-2464SUSE bug 703907CVE-2011-2483SUSE Linux Enterprise Server 12
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
ModerateCVE-2011-2483SUSE bug 700876SUSE bug 701489SUSE bug 701491SUSE bug 713727SUSE bug 738221SUSE bug 749299SUSE bug 749301SUSE bug 749303CVE-2011-2485SUSE Linux Enterprise Server 12
The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.
ModerateCVE-2011-2485SUSE bug 702028CVE-2011-2489SUSE Linux Enterprise Server 12
Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line.
ImportantCVE-2011-2489SUSE bug 698772CVE-2011-2490SUSE Linux Enterprise Server 12
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
ImportantCVE-2011-2490SUSE bug 698772CVE-2011-2501SUSE Linux Enterprise Server 12
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
ModerateCVE-2011-2501SUSE bug 702578CVE-2011-2511SUSE Linux Enterprise Server 12
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.
ModerateCVE-2011-2511SUSE bug 703084CVE-2011-2522SUSE Linux Enterprise Server 12
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
ModerateCVE-2011-2522SUSE bug 705241CVE-2011-2597SUSE Linux Enterprise Server 12
The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.
ModerateCVE-2011-2597SUSE bug 706728CVE-2011-2690SUSE Linux Enterprise Server 12
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.
ModerateCVE-2011-2690SUSE bug 706387SUSE bug 706388SUSE bug 854395CVE-2011-2691SUSE Linux Enterprise Server 12
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
ModerateCVE-2011-2691SUSE bug 706388CVE-2011-2692SUSE Linux Enterprise Server 12
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
ModerateCVE-2011-2692SUSE bug 706389SUSE bug 854395CVE-2011-2694SUSE Linux Enterprise Server 12
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
ModerateCVE-2011-2694CVE-2011-2696SUSE Linux Enterprise Server 12
Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.
ModerateCVE-2011-2696SUSE bug 705681CVE-2011-2697SUSE Linux Enterprise Server 12
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
ModerateCVE-2011-2697SUSE bug 59233SUSE bug 698451SUSE bug 704608SUSE bug 852368SUSE bug 957531CVE-2011-2698SUSE Linux Enterprise Server 12
Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.
ModerateCVE-2011-2698SUSE bug 706728CVE-2011-2709SUSE Linux Enterprise Server 12
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
ModerateCVE-2011-2709SUSE bug 694598CVE-2011-2721SUSE Linux Enterprise Server 12
Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.
ModerateCVE-2011-2721SUSE bug 708263CVE-2011-2722SUSE Linux Enterprise Server 12
The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.
LowCVE-2011-2722SUSE bug 59233SUSE bug 698451SUSE bug 704608SUSE bug 713717SUSE bug 808355CVE-2011-2729SUSE Linux Enterprise Server 12
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
ModerateCVE-2011-2729SUSE bug 715656CVE-2011-2748SUSE Linux Enterprise Server 12
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.
ModerateCVE-2011-2748SUSE bug 712653CVE-2011-2749SUSE Linux Enterprise Server 12
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
ImportantCVE-2011-2749SUSE bug 712653CVE-2011-2895SUSE Linux Enterprise Server 12
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
ModerateCVE-2011-2895SUSE bug 709851SUSE bug 711487CVE-2011-2985SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2011-2985SUSE bug 712224CVE-2011-2986SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.
ModerateCVE-2011-2986SUSE bug 712224CVE-2011-2988SUSE Linux Enterprise Server 12
Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.
CriticalCVE-2011-2988SUSE bug 712224CVE-2011-2989SUSE Linux Enterprise Server 12
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CriticalCVE-2011-2989SUSE bug 712224CVE-2011-2990SUSE Linux Enterprise Server 12
The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects.
ModerateCVE-2011-2990SUSE bug 712224CVE-2011-2991SUSE Linux Enterprise Server 12
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CriticalCVE-2011-2991SUSE bug 712224CVE-2011-2992SUSE Linux Enterprise Server 12
The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CriticalCVE-2011-2992SUSE bug 712224CVE-2011-2993SUSE Linux Enterprise Server 12
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.
CriticalCVE-2011-2993SUSE bug 712224CVE-2011-2995SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2011-2995SUSE bug 720264CVE-2011-2996SUSE Linux Enterprise Server 12
Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2011-2996SUSE bug 720264CVE-2011-2997SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2011-2997SUSE bug 720264CVE-2011-3000SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.
ImportantCVE-2011-3000SUSE bug 720264CVE-2011-3001SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error.
ModerateCVE-2011-3001SUSE bug 720264CVE-2011-3002SUSE Linux Enterprise Server 12
Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow.
CriticalCVE-2011-3002SUSE bug 720264CVE-2011-3003SUSE Linux Enterprise Server 12
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation.
CriticalCVE-2011-3003SUSE bug 720264CVE-2011-3004SUSE Linux Enterprise Server 12
The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior.
ImportantCVE-2011-3004SUSE bug 720264CVE-2011-3005SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.
CriticalCVE-2011-3005SUSE bug 720264CVE-2011-3026SUSE Linux Enterprise Server 12
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
ModerateCVE-2011-3026SUSE bug 747311SUSE bug 747327SUSE bug 747328SUSE bug 773612SUSE bug 854395CVE-2011-3045SUSE Linux Enterprise Server 12
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
ModerateCVE-2011-3045SUSE bug 752008SUSE bug 754456CVE-2011-3048SUSE Linux Enterprise Server 12
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
ModerateCVE-2011-3048SUSE bug 754745SUSE bug 854395CVE-2011-3062SUSE Linux Enterprise Server 12
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
ModerateCVE-2011-3062SUSE bug 754458SUSE bug 758408CVE-2011-3101SUSE Linux Enterprise Server 12
Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products.
ImportantCVE-2011-3101SUSE bug 762481SUSE bug 765204CVE-2011-3146SUSE Linux Enterprise Server 12
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
ModerateCVE-2011-3146SUSE bug 714980CVE-2011-3148SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.
ModerateCVE-2011-3148SUSE bug 724480CVE-2011-3149SUSE Linux Enterprise Server 12
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
LowCVE-2011-3149SUSE bug 724480CVE-2011-3172SUSE Linux Enterprise Server 12
A vulnerability in pam_modules of SUSE SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE SUSE Linux Enterprise: versions prior to 12.
CriticalCVE-2011-3172SUSE bug 1149683SUSE bug 707645CVE-2011-3177SUSE Linux Enterprise Server 12
The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.
LowCVE-2011-3177SUSE bug 713661CVE-2011-3192SUSE Linux Enterprise Server 12
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
ImportantCVE-2011-3192SUSE bug 713966SUSE bug 714306SUSE bug 716634SUSE bug 718106SUSE bug 722545SUSE bug 726139SUSE bug 732051SUSE bug 983778CVE-2011-3193SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
ModerateCVE-2011-3193SUSE bug 714984CVE-2011-3200SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.
ModerateCVE-2011-3200SUSE bug 714658CVE-2011-3207SUSE Linux Enterprise Server 12
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
ModerateCVE-2011-3207SUSE bug 716143CVE-2011-3210SUSE Linux Enterprise Server 12
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.
ModerateCVE-2011-3210SUSE bug 716144CVE-2011-3232SUSE Linux Enterprise Server 12
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
CriticalCVE-2011-3232SUSE bug 720264CVE-2011-3256SUSE Linux Enterprise Server 12
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
ModerateCVE-2011-3256SUSE bug 728044SUSE bug 730124SUSE bug 748083CVE-2011-3266SUSE Linux Enterprise Server 12
The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree.
ModerateCVE-2011-3266SUSE bug 718032CVE-2011-3328SUSE Linux Enterprise Server 12
The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.
ModerateCVE-2011-3328SUSE bug 720017CVE-2011-3360SUSE Linux Enterprise Server 12
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
ModerateCVE-2011-3360SUSE bug 718032CVE-2011-3368SUSE Linux Enterprise Server 12
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
ModerateCVE-2011-3368SUSE bug 722545SUSE bug 728876SUSE bug 729181SUSE bug 791794CVE-2011-3372SUSE Linux Enterprise Server 12
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
ModerateCVE-2011-3372SUSE bug 719998CVE-2011-3389SUSE Linux Enterprise Server 12
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
ModerateCVE-2011-3389SUSE bug 716002SUSE bug 719047SUSE bug 725167SUSE bug 726096SUSE bug 739248SUSE bug 739256SUSE bug 742306SUSE bug 751718SUSE bug 759666SUSE bug 814655CVE-2011-3439SUSE Linux Enterprise Server 12
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
ModerateCVE-2011-3439SUSE bug 730124SUSE bug 748083CVE-2011-3483SUSE Linux Enterprise Server 12
Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability."
ModerateCVE-2011-3483SUSE bug 718032CVE-2011-3563SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
ModerateCVE-2011-3563SUSE bug 747208SUSE bug 758470SUSE bug 763805CVE-2011-3571SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. NOTE: this CVE identifier was accidentally used for a Concurrency issue in Java Runtime Environment, but that issue has been reassigned to CVE-2012-0507.
ImportantCVE-2011-3571SUSE bug 742115SUSE bug 747208CVE-2011-3602SUSE Linux Enterprise Server 12
Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.
LowCVE-2011-3602SUSE bug 721968CVE-2011-3607SUSE Linux Enterprise Server 12
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
ModerateCVE-2011-3607SUSE bug 728876SUSE bug 729181SUSE bug 729183SUSE bug 806721CVE-2011-3627SUSE Linux Enterprise Server 12
The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.
ModerateCVE-2011-3627SUSE bug 724856SUSE bug 809945CVE-2011-3630SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2011-3630CVE-2011-3631SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2011-3631CVE-2011-3632SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
LowCVE-2011-3632CVE-2011-3640SUSE Linux Enterprise Server 12
** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
ModerateCVE-2011-3640SUSE bug 726096CVE-2011-3648SUSE Linux Enterprise Server 12
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
ModerateCVE-2011-3648CVE-2011-3650SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.
ModerateCVE-2011-3650CVE-2011-3651SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2011-3651CVE-2011-3652SUSE Linux Enterprise Server 12
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CriticalCVE-2011-3652CVE-2011-3654SUSE Linux Enterprise Server 12
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CriticalCVE-2011-3654CVE-2011-3655SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
CriticalCVE-2011-3655CVE-2011-3658SUSE Linux Enterprise Server 12
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
ImportantCVE-2011-3658SUSE bug 737533SUSE bug 746591SUSE bug 747320SUSE bug 750044CVE-2011-3659SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
ImportantCVE-2011-3659SUSE bug 744275CVE-2011-3660SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors.
CriticalCVE-2011-3660SUSE bug 737533CVE-2011-3661SUSE Linux Enterprise Server 12
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
ImportantCVE-2011-3661SUSE bug 737533CVE-2011-3663SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.
ImportantCVE-2011-3663SUSE bug 737533CVE-2011-3922SUSE Linux Enterprise Server 12
Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling.
ModerateCVE-2011-3922SUSE bug 739904SUSE bug 740493CVE-2011-4108SUSE Linux Enterprise Server 12
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
ModerateCVE-2011-4108SUSE bug 739719SUSE bug 742821SUSE bug 758060SUSE bug 778825CVE-2011-4128SUSE Linux Enterprise Server 12
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
ModerateCVE-2011-4128SUSE bug 729486CVE-2011-4182SUSE Linux Enterprise Server 12
Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1.
ModerateCVE-2011-4182SUSE bug 735394CVE-2011-4313SUSE Linux Enterprise Server 12
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
ImportantCVE-2011-4313SUSE bug 730995SUSE bug 738156CVE-2011-4317SUSE Linux Enterprise Server 12
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
ModerateCVE-2011-4317SUSE bug 722545SUSE bug 728876SUSE bug 729181SUSE bug 791794CVE-2011-4349SUSE Linux Enterprise Server 12
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
ModerateCVE-2011-4349SUSE bug 698250SUSE bug 732996CVE-2011-4405SUSE Linux Enterprise Server 12
The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.
ModerateCVE-2011-4405SUSE bug 733542SUSE bug 735322CVE-2011-4539SUSE Linux Enterprise Server 12
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
ModerateCVE-2011-4539SUSE bug 735610SUSE bug 741239CVE-2011-4576SUSE Linux Enterprise Server 12
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
ModerateCVE-2011-4576SUSE bug 739719SUSE bug 758060SUSE bug 778825CVE-2011-4577SUSE Linux Enterprise Server 12
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.
ModerateCVE-2011-4577SUSE bug 739719SUSE bug 758060CVE-2011-4600SUSE Linux Enterprise Server 12
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.
LowCVE-2011-4600SUSE bug 736082CVE-2011-4619SUSE Linux Enterprise Server 12
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
ModerateCVE-2011-4619SUSE bug 739719SUSE bug 758060SUSE bug 799454CVE-2011-4815SUSE Linux Enterprise Server 12
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
ImportantCVE-2011-4815SUSE bug 739122CVE-2011-4862SUSE Linux Enterprise Server 12
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
ImportantCVE-2011-4862SUSE bug 738632CVE-2011-4868SUSE Linux Enterprise Server 12
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.
ModerateCVE-2011-4868SUSE bug 741239CVE-2011-4944SUSE Linux Enterprise Server 12
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
LowCVE-2011-4944SUSE bug 754447CVE-2011-5035SUSE Linux Enterprise Server 12
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
ModerateCVE-2011-5035SUSE bug 747208SUSE bug 757762SUSE bug 758470CVE-2012-0021SUSE Linux Enterprise Server 12
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
ModerateCVE-2012-0021SUSE bug 1078450SUSE bug 1095150SUSE bug 743744CVE-2012-0027SUSE Linux Enterprise Server 12
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.
ModerateCVE-2012-0027SUSE bug 739719CVE-2012-0029SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
ImportantCVE-2012-0029SUSE bug 740165SUSE bug 747331SUSE bug 757537CVE-2012-0031SUSE Linux Enterprise Server 12
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
ModerateCVE-2012-0031SUSE bug 741243SUSE bug 806721CVE-2012-0035SUSE Linux Enterprise Server 12
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
ModerateCVE-2012-0035SUSE bug 740447CVE-2012-0037SUSE Linux Enterprise Server 12
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
ModerateCVE-2012-0037SUSE bug 37195SUSE bug 734781SUSE bug 740453SUSE bug 745298CVE-2012-0050SUSE Linux Enterprise Server 12
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
ModerateCVE-2012-0050SUSE bug 739719SUSE bug 742821SUSE bug 758060CVE-2012-0053SUSE Linux Enterprise Server 12
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
ModerateCVE-2012-0053SUSE bug 743743CVE-2012-0056SUSE Linux Enterprise Server 12
The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.
ImportantCVE-2012-0056SUSE bug 653148SUSE bug 742028SUSE bug 742279CVE-2012-0217SUSE Linux Enterprise Server 12
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
ImportantCVE-2012-0217SUSE bug 757537SUSE bug 764077CVE-2012-0247SUSE Linux Enterprise Server 12
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
ModerateCVE-2012-0247SUSE bug 746880SUSE bug 752879CVE-2012-0248SUSE Linux Enterprise Server 12
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
ModerateCVE-2012-0248SUSE bug 746880SUSE bug 752879CVE-2012-0390SUSE Linux Enterprise Server 12
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
ModerateCVE-2012-0390SUSE bug 739898CVE-2012-0441SUSE Linux Enterprise Server 12
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.
ModerateCVE-2012-0441SUSE bug 765204CVE-2012-0442SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2012-0442SUSE bug 744275CVE-2012-0443SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2012-0443SUSE bug 744275CVE-2012-0444SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
ModerateCVE-2012-0444SUSE bug 744275SUSE bug 747912CVE-2012-0445SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute.
ModerateCVE-2012-0445SUSE bug 744275CVE-2012-0446SUSE Linux Enterprise Server 12
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.
ModerateCVE-2012-0446SUSE bug 744275CVE-2012-0447SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
ModerateCVE-2012-0447SUSE bug 744275CVE-2012-0449SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.
ImportantCVE-2012-0449SUSE bug 744275CVE-2012-0451SUSE Linux Enterprise Server 12
CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers.
ModerateCVE-2012-0451SUSE bug 746591SUSE bug 747320SUSE bug 750044SUSE bug 752168CVE-2012-0452SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding.
ImportantCVE-2012-0452SUSE bug 746616SUSE bug 746663CVE-2012-0455SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.
ModerateCVE-2012-0455SUSE bug 746591SUSE bug 747320SUSE bug 750044SUSE bug 752168CVE-2012-0456SUSE Linux Enterprise Server 12
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read.
ImportantCVE-2012-0456SUSE bug 746591SUSE bug 747320SUSE bug 750044SUSE bug 752168CVE-2012-0457SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.
CriticalCVE-2012-0457SUSE bug 746591SUSE bug 747320SUSE bug 750044SUSE bug 752168CVE-2012-0458SUSE Linux Enterprise Server 12
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.
ImportantCVE-2012-0458SUSE bug 746591SUSE bug 747320SUSE bug 750044SUSE bug 752168CVE-2012-0459SUSE Linux Enterprise Server 12
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe.
ImportantCVE-2012-0459SUSE bug 746591SUSE bug 747320SUSE bug 750044SUSE bug 752168CVE-2012-0460SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page.
ModerateCVE-2012-0460SUSE bug 746591SUSE bug 747320SUSE bug 750044SUSE bug 752168CVE-2012-0461SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2012-0461SUSE bug 746591SUSE bug 747320SUSE bug 750044SUSE bug 752168CVE-2012-0462SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2012-0462SUSE bug 746591SUSE bug 747320SUSE bug 750044SUSE bug 752168CVE-2012-0463SUSE Linux Enterprise Server 12
The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android.
ImportantCVE-2012-0463SUSE bug 746591SUSE bug 747320SUSE bug 750044SUSE bug 752168CVE-2012-0464SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
ImportantCVE-2012-0464SUSE bug 746591SUSE bug 747320SUSE bug 750044SUSE bug 752168CVE-2012-0467SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2012-0467SUSE bug 758408CVE-2012-0468SUSE Linux Enterprise Server 12
The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function.
CriticalCVE-2012-0468SUSE bug 758408CVE-2012-0469SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data.
ModerateCVE-2012-0469SUSE bug 758408CVE-2012-0470SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems."
ModerateCVE-2012-0470SUSE bug 758408CVE-2012-0471SUSE Linux Enterprise Server 12
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set.
ModerateCVE-2012-0471SUSE bug 758408CVE-2012-0472SUSE Linux Enterprise Server 12
The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
ModerateCVE-2012-0472SUSE bug 758408CVE-2012-0473SUSE Linux Enterprise Server 12
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call.
ModerateCVE-2012-0473SUSE bug 758408CVE-2012-0474SUSE Linux Enterprise Server 12
Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)."
ModerateCVE-2012-0474SUSE bug 758408CVE-2012-0475SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields.
ModerateCVE-2012-0475SUSE bug 758408CVE-2012-0477SUSE Linux Enterprise Server 12
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set.
ModerateCVE-2012-0477SUSE bug 758408CVE-2012-0478SUSE Linux Enterprise Server 12
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
ModerateCVE-2012-0478SUSE bug 758408CVE-2012-0479SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.
ModerateCVE-2012-0479SUSE bug 758408CVE-2012-0497SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ImportantCVE-2012-0497SUSE bug 747208SUSE bug 758470CVE-2012-0501SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
LowCVE-2012-0501SUSE bug 747208SUSE bug 758470CVE-2012-0502SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.
ModerateCVE-2012-0502SUSE bug 747208SUSE bug 758470SUSE bug 763805CVE-2012-0503SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.
ModerateCVE-2012-0503SUSE bug 747208SUSE bug 758470SUSE bug 763805CVE-2012-0505SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
ModerateCVE-2012-0505SUSE bug 747208SUSE bug 758470SUSE bug 763805CVE-2012-0506SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.
ModerateCVE-2012-0506SUSE bug 747208SUSE bug 758470SUSE bug 763805CVE-2012-0547SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."
LowCVE-2012-0547SUSE bug 777499SUSE bug 780897CVE-2012-0759SUSE Linux Enterprise Server 12
Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0771.
CriticalCVE-2012-0759SUSE bug 796895CVE-2012-0786SUSE Linux Enterprise Server 12
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.
ModerateCVE-2012-0786SUSE bug 853044SUSE bug 885003CVE-2012-0804SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
ModerateCVE-2012-0804SUSE bug 744059CVE-2012-0817SUSE Linux Enterprise Server 12
Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.
ModerateCVE-2012-0817SUSE bug 743986CVE-2012-0845SUSE Linux Enterprise Server 12
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.
ModerateCVE-2012-0845SUSE bug 747125CVE-2012-0862SUSE Linux Enterprise Server 12
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
LowCVE-2012-0862SUSE bug 762294SUSE bug 844230SUSE bug 855685CVE-2012-0866SUSE Linux Enterprise Server 12
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
ModerateCVE-2012-0866SUSE bug 701489SUSE bug 749299SUSE bug 749301SUSE bug 749303CVE-2012-0867SUSE Linux Enterprise Server 12
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
LowCVE-2012-0867SUSE bug 701489SUSE bug 749299SUSE bug 749301SUSE bug 749303CVE-2012-0868SUSE Linux Enterprise Server 12
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
LowCVE-2012-0868SUSE bug 701489SUSE bug 749299SUSE bug 749301SUSE bug 749303CVE-2012-0870SUSE Linux Enterprise Server 12
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.
ImportantCVE-2012-0870SUSE bug 747934SUSE bug 752797CVE-2012-0876SUSE Linux Enterprise Server 12
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
ModerateCVE-2012-0876SUSE bug 750914SUSE bug 751464SUSE bug 751465SUSE bug 983215SUSE bug 983216CVE-2012-0884SUSE Linux Enterprise Server 12
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
ModerateCVE-2012-0884SUSE bug 749210SUSE bug 749735SUSE bug 751977SUSE bug 754640SUSE bug 761819CVE-2012-1012SUSE Linux Enterprise Server 12
server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.
ModerateCVE-2012-1012SUSE bug 766109CVE-2012-1013SUSE Linux Enterprise Server 12
The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.
ModerateCVE-2012-1013SUSE bug 765485CVE-2012-1016SUSE Linux Enterprise Server 12
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.
ModerateCVE-2012-1016SUSE bug 807556CVE-2012-1126SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.
ModerateCVE-2012-1126SUSE bug 750937CVE-2012-1127SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
ModerateCVE-2012-1127SUSE bug 750947CVE-2012-1128SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
ModerateCVE-2012-1128SUSE bug 750942CVE-2012-1129SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.
LowCVE-2012-1129SUSE bug 750952CVE-2012-1130SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.
ModerateCVE-2012-1130SUSE bug 750951CVE-2012-1131SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font.
ModerateCVE-2012-1131SUSE bug 750953CVE-2012-1132SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.
LowCVE-2012-1132SUSE bug 750950CVE-2012-1133SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
ModerateCVE-2012-1133SUSE bug 750940CVE-2012-1134SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.
ModerateCVE-2012-1134SUSE bug 750945CVE-2012-1135SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.
LowCVE-2012-1135SUSE bug 750946CVE-2012-1136SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field.
ModerateCVE-2012-1136SUSE bug 750939CVE-2012-1137SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.
ModerateCVE-2012-1137SUSE bug 750943CVE-2012-1138SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.
ModerateCVE-2012-1138SUSE bug 750941CVE-2012-1139SUSE Linux Enterprise Server 12
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.
LowCVE-2012-1139SUSE bug 750938CVE-2012-1140SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.
ModerateCVE-2012-1140SUSE bug 750954CVE-2012-1141SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font.
LowCVE-2012-1141SUSE bug 750955CVE-2012-1142SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.
ModerateCVE-2012-1142SUSE bug 750948CVE-2012-1143SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font.
ModerateCVE-2012-1143SUSE bug 750949CVE-2012-1144SUSE Linux Enterprise Server 12
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
ModerateCVE-2012-1144SUSE bug 750944CVE-2012-1147SUSE Linux Enterprise Server 12
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
ModerateCVE-2012-1147SUSE bug 750914SUSE bug 751464SUSE bug 751465CVE-2012-1148SUSE Linux Enterprise Server 12
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
ImportantCVE-2012-1148SUSE bug 750914SUSE bug 751464SUSE bug 751465CVE-2012-1150SUSE Linux Enterprise Server 12
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
ModerateCVE-2012-1150SUSE bug 751718SUSE bug 755383SUSE bug 826682CVE-2012-1152SUSE Linux Enterprise Server 12
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.
ModerateCVE-2012-1152SUSE bug 751503CVE-2012-1162SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."
ModerateCVE-2012-1162SUSE bug 751829SUSE bug 751830CVE-2012-1163SUSE Linux Enterprise Server 12
Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.
ModerateCVE-2012-1163SUSE bug 751829SUSE bug 751830CVE-2012-1165SUSE Linux Enterprise Server 12
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
ModerateCVE-2012-1165SUSE bug 749210SUSE bug 749213SUSE bug 751946SUSE bug 754640CVE-2012-1173SUSE Linux Enterprise Server 12
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.
ModerateCVE-2012-1173SUSE bug 753362SUSE bug 767852SUSE bug 854393CVE-2012-1174SUSE Linux Enterprise Server 12
The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."
ModerateCVE-2012-1174SUSE bug 752281CVE-2012-1182SUSE Linux Enterprise Server 12
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
ImportantCVE-2012-1182SUSE bug 747934SUSE bug 752797SUSE bug 754443CVE-2012-1185SUSE Linux Enterprise Server 12
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.
ModerateCVE-2012-1185SUSE bug 752879CVE-2012-1186SUSE Linux Enterprise Server 12
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.
ModerateCVE-2012-1186SUSE bug 752879CVE-2012-1457SUSE Linux Enterprise Server 12
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
ModerateCVE-2012-1457SUSE bug 753611SUSE bug 767574CVE-2012-1458SUSE Linux Enterprise Server 12
The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations.
ModerateCVE-2012-1458SUSE bug 753613SUSE bug 767574CVE-2012-1459SUSE Linux Enterprise Server 12
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
ModerateCVE-2012-1459SUSE bug 753610SUSE bug 767574CVE-2012-1569SUSE Linux Enterprise Server 12
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
ModerateCVE-2012-1569SUSE bug 752193SUSE bug 753301SUSE bug 924966CVE-2012-1571SUSE Linux Enterprise Server 12
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
ModerateCVE-2012-1571SUSE bug 753303SUSE bug 883306SUSE bug 884986SUSE bug 987530CVE-2012-1573SUSE Linux Enterprise Server 12
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
ModerateCVE-2012-1573SUSE bug 752193SUSE bug 754223CVE-2012-1586SUSE Linux Enterprise Server 12
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
ModerateCVE-2012-1586SUSE bug 754443CVE-2012-1667SUSE Linux Enterprise Server 12
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
ModerateCVE-2012-1667SUSE bug 765315SUSE bug 792926CVE-2012-1682SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."
ImportantCVE-2012-1682SUSE bug 777499SUSE bug 780897SUSE bug 785433CVE-2012-1711SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.
ImportantCVE-2012-1711SUSE bug 766802CVE-2012-1713SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ImportantCVE-2012-1713SUSE bug 766802SUSE bug 778629SUSE bug 780897CVE-2012-1716SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
ImportantCVE-2012-1716SUSE bug 766802SUSE bug 778629SUSE bug 780897CVE-2012-1717SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
ModerateCVE-2012-1717SUSE bug 766802SUSE bug 778629SUSE bug 780897CVE-2012-1718SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
ModerateCVE-2012-1718SUSE bug 778629SUSE bug 780897CVE-2012-1719SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.
ModerateCVE-2012-1719SUSE bug 766802SUSE bug 778629SUSE bug 780897CVE-2012-1723SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
ImportantCVE-2012-1723SUSE bug 766802CVE-2012-1724SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP.
ModerateCVE-2012-1724SUSE bug 766802CVE-2012-1725SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
ImportantCVE-2012-1725SUSE bug 766802SUSE bug 778629SUSE bug 780897CVE-2012-1726SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
ModerateCVE-2012-1726SUSE bug 780897CVE-2012-1937SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2012-1937SUSE bug 765204CVE-2012-1938SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.
CriticalCVE-2012-1938SUSE bug 765204CVE-2012-1940SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column.
ImportantCVE-2012-1940SUSE bug 765204CVE-2012-1941SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns.
CriticalCVE-2012-1941SUSE bug 765204CVE-2012-1944SUSE Linux Enterprise Server 12
The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document.
ModerateCVE-2012-1944SUSE bug 765204CVE-2012-1945SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
ModerateCVE-2012-1945SUSE bug 765204CVE-2012-1946SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node.
ImportantCVE-2012-1946SUSE bug 765204CVE-2012-1947SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.
CriticalCVE-2012-1947SUSE bug 765204CVE-2012-1948SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2012-1948SUSE bug 771583CVE-2012-1949SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2012-1949SUSE bug 771583CVE-2012-1950SUSE Linux Enterprise Server 12
The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.
ImportantCVE-2012-1950SUSE bug 771583CVE-2012-1951SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.
ImportantCVE-2012-1951SUSE bug 771583CVE-2012-1952SUSE Linux Enterprise Server 12
The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site.
CriticalCVE-2012-1952SUSE bug 771583CVE-2012-1953SUSE Linux Enterprise Server 12
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site.
CriticalCVE-2012-1953SUSE bug 771583CVE-2012-1954SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.
CriticalCVE-2012-1954SUSE bug 771583CVE-2012-1955SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.
ImportantCVE-2012-1955SUSE bug 771583CVE-2012-1956SUSE Linux Enterprise Server 12
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
ModerateCVE-2012-1956SUSE bug 777588CVE-2012-1957SUSE Linux Enterprise Server 12
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.
ImportantCVE-2012-1957SUSE bug 771583CVE-2012-1958SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content.
ImportantCVE-2012-1958SUSE bug 771583CVE-2012-1959SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content.
ImportantCVE-2012-1959SUSE bug 771583CVE-2012-1960SUSE Linux Enterprise Server 12
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.
LowCVE-2012-1960SUSE bug 771583CVE-2012-1961SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values.
ImportantCVE-2012-1961SUSE bug 771583CVE-2012-1962SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.
ImportantCVE-2012-1962SUSE bug 771583CVE-2012-1963SUSE Linux Enterprise Server 12
The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.
ImportantCVE-2012-1963SUSE bug 771583CVE-2012-1965SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.
ImportantCVE-2012-1965SUSE bug 771583CVE-2012-1966SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
ImportantCVE-2012-1966SUSE bug 771583CVE-2012-1967SUSE Linux Enterprise Server 12
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.
ImportantCVE-2012-1967SUSE bug 771583CVE-2012-1970SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2012-1970SUSE bug 777588CVE-2012-1972SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
ImportantCVE-2012-1972SUSE bug 777588CVE-2012-1973SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-1973SUSE bug 777588CVE-2012-1974SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-1974SUSE bug 777588CVE-2012-1975SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-1975SUSE bug 777588CVE-2012-1976SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-1976SUSE bug 777588CVE-2012-2110SUSE Linux Enterprise Server 12
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
ImportantCVE-2012-2110SUSE bug 758060SUSE bug 778825CVE-2012-2111SUSE Linux Enterprise Server 12
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
ModerateCVE-2012-2111SUSE bug 754443SUSE bug 757576CVE-2012-2113SUSE Linux Enterprise Server 12
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
ModerateCVE-2012-2113SUSE bug 767852SUSE bug 854393CVE-2012-2141SUSE Linux Enterprise Server 12
Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
ModerateCVE-2012-2141SUSE bug 759352SUSE bug 826684CVE-2012-2143SUSE Linux Enterprise Server 12
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
ModerateCVE-2012-2143SUSE bug 766797SUSE bug 766798SUSE bug 766799CVE-2012-2150SUSE Linux Enterprise Server 12
xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.
LowCVE-2012-2150SUSE bug 939367CVE-2012-2337SUSE Linux Enterprise Server 12
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
ImportantCVE-2012-2337SUSE bug 762327SUSE bug 826687CVE-2012-2372SUSE Linux Enterprise Server 12
The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.
ModerateCVE-2012-2372SUSE bug 653148SUSE bug 767610SUSE bug 795039CVE-2012-2388SUSE Linux Enterprise Server 12
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
ModerateCVE-2012-2388SUSE bug 1107874SUSE bug 761325SUSE bug 815236CVE-2012-2391SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2942. Reason: This candidate is a duplicate of CVE-2012-2942. Notes: All CVE users should reference CVE-2012-2942 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-2391CVE-2012-2392SUSE Linux Enterprise Server 12
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.
ModerateCVE-2012-2392SUSE bug 763634SUSE bug 763855SUSE bug 769578CVE-2012-2393SUSE Linux Enterprise Server 12
epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.
ModerateCVE-2012-2393SUSE bug 763634SUSE bug 763855SUSE bug 763857CVE-2012-2394SUSE Linux Enterprise Server 12
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
ModerateCVE-2012-2394SUSE bug 763634SUSE bug 763859CVE-2012-2396SUSE Linux Enterprise Server 12
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
ModerateCVE-2012-2396SUSE bug 760496CVE-2012-2417SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
ModerateCVE-2012-2417SUSE bug 764127CVE-2012-2451SUSE Linux Enterprise Server 12
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.
LowCVE-2012-2451SUSE bug 760459CVE-2012-2625SUSE Linux Enterprise Server 12
The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.
ModerateCVE-2012-2625SUSE bug 762484SUSE bug 773393SUSE bug 773401SUSE bug 787163CVE-2012-2655SUSE Linux Enterprise Server 12
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.
ModerateCVE-2012-2655SUSE bug 765069CVE-2012-2669SUSE Linux Enterprise Server 12
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.
ModerateCVE-2012-2669SUSE bug 761200CVE-2012-2673SUSE Linux Enterprise Server 12
Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.
ModerateCVE-2012-2673SUSE bug 765444CVE-2012-2686SUSE Linux Enterprise Server 12
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
ModerateCVE-2012-2686SUSE bug 802648CVE-2012-2687SUSE Linux Enterprise Server 12
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
LowCVE-2012-2687SUSE bug 777260CVE-2012-2737SUSE Linux Enterprise Server 12
The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.
ModerateCVE-2012-2737SUSE bug 768807CVE-2012-2738SUSE Linux Enterprise Server 12
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
ModerateCVE-2012-2738SUSE bug 772761CVE-2012-2812SUSE Linux Enterprise Server 12
The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
ModerateCVE-2012-2812SUSE bug 771229SUSE bug 831515CVE-2012-2813SUSE Linux Enterprise Server 12
The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
ModerateCVE-2012-2813SUSE bug 771229SUSE bug 831515CVE-2012-2814SUSE Linux Enterprise Server 12
Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
ModerateCVE-2012-2814SUSE bug 771229SUSE bug 831515CVE-2012-2836SUSE Linux Enterprise Server 12
The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
ModerateCVE-2012-2836SUSE bug 771229SUSE bug 831515CVE-2012-2837SUSE Linux Enterprise Server 12
The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.
ModerateCVE-2012-2837SUSE bug 771229SUSE bug 831515CVE-2012-2840SUSE Linux Enterprise Server 12
Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
ModerateCVE-2012-2840SUSE bug 771229SUSE bug 831515CVE-2012-2841SUSE Linux Enterprise Server 12
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
ModerateCVE-2012-2841SUSE bug 771229SUSE bug 831515CVE-2012-2944SUSE Linux Enterprise Server 12
Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.
ImportantCVE-2012-2944SUSE bug 764699CVE-2012-3136SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682.
ImportantCVE-2012-3136SUSE bug 777499SUSE bug 780897CVE-2012-3174SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.
ModerateCVE-2012-3174SUSE bug 798324SUSE bug 798521SUSE bug 798535CVE-2012-3216SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
LowCVE-2012-3216SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-3386SUSE Linux Enterprise Server 12
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
ModerateCVE-2012-3386SUSE bug 770618SUSE bug 786745CVE-2012-3401SUSE Linux Enterprise Server 12
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.
ModerateCVE-2012-3401SUSE bug 770816SUSE bug 854393CVE-2012-3432SUSE Linux Enterprise Server 12
The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.
ModerateCVE-2012-3432SUSE bug 773393SUSE bug 773401CVE-2012-3433SUSE Linux Enterprise Server 12
Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown.
ModerateCVE-2012-3433SUSE bug 773393SUSE bug 773401CVE-2012-3445SUSE Linux Enterprise Server 12
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
ModerateCVE-2012-3445SUSE bug 773955CVE-2012-3449SUSE Linux Enterprise Server 12
Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.
ModerateCVE-2012-3449SUSE bug 774332CVE-2012-3458SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
ModerateCVE-2012-3458CVE-2012-3466SUSE Linux Enterprise Server 12
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors.
ModerateCVE-2012-3466SUSE bug 775235CVE-2012-3482SUSE Linux Enterprise Server 12
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
ModerateCVE-2012-3482SUSE bug 775988CVE-2012-3488SUSE Linux Enterprise Server 12
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.
ModerateCVE-2012-3488SUSE bug 776523CVE-2012-3489SUSE Linux Enterprise Server 12
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
LowCVE-2012-3489SUSE bug 776524CVE-2012-3499SUSE Linux Enterprise Server 12
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
ModerateCVE-2012-3499SUSE bug 806458SUSE bug 807511CVE-2012-3502SUSE Linux Enterprise Server 12
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
ModerateCVE-2012-3502SUSE bug 777119CVE-2012-3515SUSE Linux Enterprise Server 12
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
ImportantCVE-2012-3515SUSE bug 777084CVE-2012-3524SUSE Linux Enterprise Server 12
libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."
ImportantCVE-2012-3524SUSE bug 697105SUSE bug 852781SUSE bug 912016CVE-2012-3547SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
ModerateCVE-2012-3547SUSE bug 777834CVE-2012-3548SUSE Linux Enterprise Server 12
The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file.
ModerateCVE-2012-3548SUSE bug 778000SUSE bug 783275CVE-2012-3570SUSE Linux Enterprise Server 12
Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.
ModerateCVE-2012-3570SUSE bug 772924CVE-2012-3571SUSE Linux Enterprise Server 12
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
ModerateCVE-2012-3571SUSE bug 772924CVE-2012-3817SUSE Linux Enterprise Server 12
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
ModerateCVE-2012-3817SUSE bug 772945SUSE bug 792926CVE-2012-3868SUSE Linux Enterprise Server 12
Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
ModerateCVE-2012-3868SUSE bug 772946SUSE bug 792926CVE-2012-3954SUSE Linux Enterprise Server 12
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
ModerateCVE-2012-3954SUSE bug 772924CVE-2012-3955SUSE Linux Enterprise Server 12
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
ModerateCVE-2012-3955SUSE bug 780167CVE-2012-3956SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-3956SUSE bug 777588CVE-2012-3957SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
CriticalCVE-2012-3957SUSE bug 777588CVE-2012-3958SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-3958SUSE bug 777588CVE-2012-3959SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-3959SUSE bug 777588CVE-2012-3960SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-3960SUSE bug 777588CVE-2012-3961SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-3961SUSE bug 777588CVE-2012-3962SUSE Linux Enterprise Server 12
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.
CriticalCVE-2012-3962SUSE bug 777588CVE-2012-3963SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
CriticalCVE-2012-3963SUSE bug 777588CVE-2012-3964SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-3964SUSE bug 777588CVE-2012-3965SUSE Linux Enterprise Server 12
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window.
ImportantCVE-2012-3965SUSE bug 777588CVE-2012-3966SUSE Linux Enterprise Server 12
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.
ImportantCVE-2012-3966SUSE bug 777588CVE-2012-3967SUSE Linux Enterprise Server 12
The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.
ImportantCVE-2012-3967SUSE bug 777588CVE-2012-3968SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.
CriticalCVE-2012-3968SUSE bug 777588CVE-2012-3969SUSE Linux Enterprise Server 12
Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow.
ImportantCVE-2012-3969SUSE bug 777588CVE-2012-3970SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another.
CriticalCVE-2012-3970SUSE bug 777588CVE-2012-3971SUSE Linux Enterprise Server 12
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.
ModerateCVE-2012-3971SUSE bug 777588CVE-2012-3972SUSE Linux Enterprise Server 12
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.
ModerateCVE-2012-3972SUSE bug 777588CVE-2012-3973SUSE Linux Enterprise Server 12
The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.
ImportantCVE-2012-3973SUSE bug 777588CVE-2012-3975SUSE Linux Enterprise Server 12
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.
LowCVE-2012-3975SUSE bug 777588CVE-2012-3976SUSE Linux Enterprise Server 12
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.
ModerateCVE-2012-3976SUSE bug 777588CVE-2012-3978SUSE Linux Enterprise Server 12
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code.
ModerateCVE-2012-3978SUSE bug 777588CVE-2012-3980SUSE Linux Enterprise Server 12
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.
ModerateCVE-2012-3980SUSE bug 777588CVE-2012-3982SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2012-3982SUSE bug 783533CVE-2012-3983SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2012-3983SUSE bug 783533CVE-2012-3984SUSE Linux Enterprise Server 12
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.
ImportantCVE-2012-3984SUSE bug 783533CVE-2012-3985SUSE Linux Enterprise Server 12
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.
ModerateCVE-2012-3985SUSE bug 783533CVE-2012-3986SUSE Linux Enterprise Server 12
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.
ModerateCVE-2012-3986SUSE bug 783533CVE-2012-3988SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation.
ModerateCVE-2012-3988SUSE bug 783533CVE-2012-3989SUSE Linux Enterprise Server 12
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.
ImportantCVE-2012-3989SUSE bug 783533CVE-2012-3990SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.
ModerateCVE-2012-3990SUSE bug 783533CVE-2012-3991SUSE Linux Enterprise Server 12
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.
ModerateCVE-2012-3991SUSE bug 783533CVE-2012-3992SUSE Linux Enterprise Server 12
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object.
ModerateCVE-2012-3992SUSE bug 783533CVE-2012-3993SUSE Linux Enterprise Server 12
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.
ModerateCVE-2012-3993SUSE bug 783533CVE-2012-3994SUSE Linux Enterprise Server 12
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.
ModerateCVE-2012-3994SUSE bug 783533CVE-2012-3995SUSE Linux Enterprise Server 12
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
ModerateCVE-2012-3995SUSE bug 783533CVE-2012-4024SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
ModerateCVE-2012-4024SUSE bug 773015CVE-2012-4025SUSE Linux Enterprise Server 12
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
ModerateCVE-2012-4025SUSE bug 773015CVE-2012-4048SUSE Linux Enterprise Server 12
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.
ModerateCVE-2012-4048SUSE bug 772738CVE-2012-4049SUSE Linux Enterprise Server 12
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
ModerateCVE-2012-4049SUSE bug 772738CVE-2012-4179SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-4179SUSE bug 783533CVE-2012-4180SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
CriticalCVE-2012-4180SUSE bug 783533CVE-2012-4181SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-4181SUSE bug 783533CVE-2012-4182SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-4182SUSE bug 783533CVE-2012-4183SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-4183SUSE bug 783533CVE-2012-4184SUSE Linux Enterprise Server 12
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.
CriticalCVE-2012-4184SUSE bug 783533CVE-2012-4185SUSE Linux Enterprise Server 12
Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
ModerateCVE-2012-4185SUSE bug 783533CVE-2012-4186SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
CriticalCVE-2012-4186SUSE bug 783533CVE-2012-4187SUSE Linux Enterprise Server 12
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors.
CriticalCVE-2012-4187SUSE bug 783533CVE-2012-4188SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
CriticalCVE-2012-4188SUSE bug 783533CVE-2012-4191SUSE Linux Enterprise Server 12
The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
ImportantCVE-2012-4191CVE-2012-4192SUSE Linux Enterprise Server 12
Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.
ImportantCVE-2012-4192CVE-2012-4193SUSE Linux Enterprise Server 12
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
ImportantCVE-2012-4193SUSE bug 783533CVE-2012-4194SUSE Linux Enterprise Server 12
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
ModerateCVE-2012-4194SUSE bug 786522CVE-2012-4195SUSE Linux Enterprise Server 12
The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.
ModerateCVE-2012-4195SUSE bug 786522CVE-2012-4196SUSE Linux Enterprise Server 12
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.
ModerateCVE-2012-4196SUSE bug 786522CVE-2012-4201SUSE Linux Enterprise Server 12
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.
ModerateCVE-2012-4201SUSE bug 790140CVE-2012-4202SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image.
ImportantCVE-2012-4202SUSE bug 790140CVE-2012-4203SUSE Linux Enterprise Server 12
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.
ModerateCVE-2012-4203SUSE bug 790140CVE-2012-4204SUSE Linux Enterprise Server 12
The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
ImportantCVE-2012-4204SUSE bug 790140CVE-2012-4205SUSE Linux Enterprise Server 12
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.
ModerateCVE-2012-4205SUSE bug 790140CVE-2012-4207SUSE Linux Enterprise Server 12
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
ModerateCVE-2012-4207SUSE bug 790140CVE-2012-4208SUSE Linux Enterprise Server 12
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
ModerateCVE-2012-4208SUSE bug 790140CVE-2012-4209SUSE Linux Enterprise Server 12
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.
ModerateCVE-2012-4209SUSE bug 790140CVE-2012-4210SUSE Linux Enterprise Server 12
The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.
ImportantCVE-2012-4210SUSE bug 790140CVE-2012-4212SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
ImportantCVE-2012-4212SUSE bug 790140CVE-2012-4213SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-4213SUSE bug 790140CVE-2012-4214SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840.
ImportantCVE-2012-4214SUSE bug 790140CVE-2012-4215SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-4215SUSE bug 790140CVE-2012-4216SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-4216SUSE bug 790140CVE-2012-4217SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-4217SUSE bug 790140CVE-2012-4218SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2012-4218SUSE bug 790140CVE-2012-4244SUSE Linux Enterprise Server 12
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
ImportantCVE-2012-4244SUSE bug 780157SUSE bug 792926CVE-2012-4285SUSE Linux Enterprise Server 12
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message.
ModerateCVE-2012-4285SUSE bug 776083CVE-2012-4286SUSE Linux Enterprise Server 12
The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file.
LowCVE-2012-4286SUSE bug 776083CVE-2012-4287SUSE Linux Enterprise Server 12
epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.
ModerateCVE-2012-4287SUSE bug 776083CVE-2012-4288SUSE Linux Enterprise Server 12
Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.
ModerateCVE-2012-4288SUSE bug 776083CVE-2012-4289SUSE Linux Enterprise Server 12
epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.
ModerateCVE-2012-4289SUSE bug 776083CVE-2012-4290SUSE Linux Enterprise Server 12
The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.
ModerateCVE-2012-4290SUSE bug 776083CVE-2012-4291SUSE Linux Enterprise Server 12
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
ModerateCVE-2012-4291SUSE bug 776083CVE-2012-4292SUSE Linux Enterprise Server 12
The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2012-4292SUSE bug 776083CVE-2012-4293SUSE Linux Enterprise Server 12
plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.
ModerateCVE-2012-4293SUSE bug 776083CVE-2012-4294SUSE Linux Enterprise Server 12
Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value.
ModerateCVE-2012-4294SUSE bug 776083CVE-2012-4295SUSE Linux Enterprise Server 12
Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value.
ModerateCVE-2012-4295SUSE bug 776083CVE-2012-4296SUSE Linux Enterprise Server 12
Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.
ModerateCVE-2012-4296SUSE bug 776083CVE-2012-4297SUSE Linux Enterprise Server 12
Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet.
ModerateCVE-2012-4297SUSE bug 776083CVE-2012-4298SUSE Linux Enterprise Server 12
Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow.
ModerateCVE-2012-4298SUSE bug 776083CVE-2012-4411SUSE Linux Enterprise Server 12
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.
ImportantCVE-2012-4411SUSE bug 779212SUSE bug 786516SUSE bug 786518SUSE bug 786519SUSE bug 786520SUSE bug 787163CVE-2012-4412SUSE Linux Enterprise Server 12
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
ModerateCVE-2012-4412SUSE bug 779320SUSE bug 848783SUSE bug 882910SUSE bug 920055SUSE bug 920169SUSE bug 920338CVE-2012-4416SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot.
ModerateCVE-2012-4416SUSE bug 779714SUSE bug 785433SUSE bug 785814CVE-2012-4425SUSE Linux Enterprise Server 12
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
ModerateCVE-2012-4425CVE-2012-4453SUSE Linux Enterprise Server 12
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.
ModerateCVE-2012-4453SUSE bug 1008340SUSE bug 782734CVE-2012-4504SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.
ModerateCVE-2012-4504SUSE bug 784523SUSE bug 795039CVE-2012-4510SUSE Linux Enterprise Server 12
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.
ModerateCVE-2012-4510SUSE bug 783488CVE-2012-4535SUSE Linux Enterprise Server 12
Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."
ModerateCVE-2012-4535SUSE bug 779212SUSE bug 786516SUSE bug 786518SUSE bug 786519SUSE bug 786520SUSE bug 787163CVE-2012-4536SUSE Linux Enterprise Server 12
The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read.
ModerateCVE-2012-4536SUSE bug 779212SUSE bug 786516SUSE bug 786518SUSE bug 786519SUSE bug 786520SUSE bug 787163CVE-2012-4537SUSE Linux Enterprise Server 12
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability."
ModerateCVE-2012-4537SUSE bug 779212SUSE bug 786516SUSE bug 786517SUSE bug 786518SUSE bug 786519SUSE bug 786520SUSE bug 787163CVE-2012-4538SUSE Linux Enterprise Server 12
The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.
ModerateCVE-2012-4538SUSE bug 779212SUSE bug 786516SUSE bug 786518SUSE bug 786519SUSE bug 786520SUSE bug 787163CVE-2012-4539SUSE Linux Enterprise Server 12
Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability."
ModerateCVE-2012-4539SUSE bug 779212SUSE bug 786516SUSE bug 786518SUSE bug 786519SUSE bug 786520SUSE bug 787163CVE-2012-4544SUSE Linux Enterprise Server 12
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
ModerateCVE-2012-4544SUSE bug 779212SUSE bug 786516SUSE bug 786518SUSE bug 786519SUSE bug 786520SUSE bug 787163SUSE bug 840592CVE-2012-4564SUSE Linux Enterprise Server 12
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
ModerateCVE-2012-4564SUSE bug 781995SUSE bug 787892SUSE bug 791607SUSE bug 854393CVE-2012-4681SUSE Linux Enterprise Server 12
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
ImportantCVE-2012-4681SUSE bug 777499SUSE bug 778629SUSE bug 780897SUSE bug 785433SUSE bug 785814SUSE bug 798324CVE-2012-4929SUSE Linux Enterprise Server 12
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
ModerateCVE-2012-4929SUSE bug 1011293SUSE bug 779952SUSE bug 793420SUSE bug 803004SUSE bug 847895CVE-2012-5068SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ModerateCVE-2012-5068SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5069SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency.
ModerateCVE-2012-5069SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5070SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX.
ModerateCVE-2012-5070SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5071SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX.
ModerateCVE-2012-5071SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5072SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security.
ModerateCVE-2012-5072SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5073SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079.
ModerateCVE-2012-5073SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5074SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS.
ModerateCVE-2012-5074SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5075SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX.
ModerateCVE-2012-5075SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5076SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
ImportantCVE-2012-5076SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5077SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security.
LowCVE-2012-5077SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5079SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073.
ModerateCVE-2012-5079SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5081SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.
ModerateCVE-2012-5081SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5084SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
ModerateCVE-2012-5084SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5085SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE.
LowCVE-2012-5085SUSE bug 785433SUSE bug 785814CVE-2012-5086SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
ImportantCVE-2012-5086SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5087SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
ImportantCVE-2012-5087SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5088SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ImportantCVE-2012-5088SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5089SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143.
ModerateCVE-2012-5089SUSE bug 785433SUSE bug 785814SUSE bug 788750CVE-2012-5112SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
CriticalCVE-2012-5112SUSE bug 786698CVE-2012-5133SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
ImportantCVE-2012-5133SUSE bug 791234CVE-2012-5134SUSE Linux Enterprise Server 12
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
ModerateCVE-2012-5134SUSE bug 1123919SUSE bug 791234SUSE bug 793334SUSE bug 795039SUSE bug 804033CVE-2012-5166SUSE Linux Enterprise Server 12
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
ModerateCVE-2012-5166SUSE bug 784602SUSE bug 792926CVE-2012-5237SUSE Linux Enterprise Server 12
The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
ModerateCVE-2012-5237SUSE bug 783275CVE-2012-5238SUSE Linux Enterprise Server 12
epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.
ModerateCVE-2012-5238SUSE bug 783275CVE-2012-5239SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3548. Reason: This candidate is a reservation duplicate of CVE-2012-3548. Notes: All CVE users should reference CVE-2012-3548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-5239SUSE bug 783275CVE-2012-5240SUSE Linux Enterprise Server 12
Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.
ModerateCVE-2012-5240SUSE bug 783275CVE-2012-5510SUSE Linux Enterprise Server 12
Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.
ModerateCVE-2012-5510SUSE bug 789945CVE-2012-5511SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.
ModerateCVE-2012-5511SUSE bug 789944CVE-2012-5513SUSE Linux Enterprise Server 12
The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.
ImportantCVE-2012-5513SUSE bug 789951CVE-2012-5514SUSE Linux Enterprise Server 12
The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors.
ModerateCVE-2012-5514SUSE bug 789948SUSE bug 789988CVE-2012-5515SUSE Linux Enterprise Server 12
The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.
ModerateCVE-2012-5515SUSE bug 789950CVE-2012-5519SUSE Linux Enterprise Server 12
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
ImportantCVE-2012-5519SUSE bug 789566SUSE bug 882905SUSE bug 924208CVE-2012-5525SUSE Linux Enterprise Server 12
The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read.
ModerateCVE-2012-5525SUSE bug 789952CVE-2012-5532SUSE Linux Enterprise Server 12
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.
LowCVE-2012-5532SUSE bug 791605CVE-2012-5592SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6052. Reason: This candidate is a reservation duplicate of CVE-2012-6052. Notes: All CVE users should reference CVE-2012-6052 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-5592SUSE bug 792005CVE-2012-5593SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6053. Reason: This candidate is a reservation duplicate of CVE-2012-6053. Notes: All CVE users should reference CVE-2012-6053 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-5593SUSE bug 792005CVE-2012-5594SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6054. Reason: This candidate is a reservation duplicate of CVE-2012-6054. Notes: All CVE users should reference CVE-2012-6054 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-5594SUSE bug 792005CVE-2012-5595SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6056. Reason: This candidate is a reservation duplicate of CVE-2012-6056. Notes: All CVE users should reference CVE-2012-6056 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-5595SUSE bug 792005CVE-2012-5596SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6057. Reason: This candidate is a reservation duplicate of CVE-2012-6057. Notes: All CVE users should reference CVE-2012-6057 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-5596SUSE bug 792005CVE-2012-5597SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6059. Reason: This candidate is a reservation duplicate of CVE-2012-6059. Notes: All CVE users should reference CVE-2012-6059 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-5597SUSE bug 792005CVE-2012-5598SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6060. Reason: This candidate is a reservation duplicate of CVE-2012-6060. Notes: All CVE users should reference CVE-2012-6060 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-5598SUSE bug 792005CVE-2012-5599SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6061. Reason: This candidate is a reservation duplicate of CVE-2012-6061. Notes: All CVE users should reference CVE-2012-6061 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-5599SUSE bug 792005CVE-2012-5600SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6062. Reason: This candidate is a reservation duplicate of CVE-2012-6062. Notes: All CVE users should reference CVE-2012-6062 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-5600SUSE bug 792005CVE-2012-5601SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6055. Reason: This candidate is a reservation duplicate of CVE-2012-6055. Notes: All CVE users should reference CVE-2012-6055 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-5601SUSE bug 792005CVE-2012-5602SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6058. Reason: This candidate is a reservation duplicate of CVE-2012-6058. Notes: All CVE users should reference CVE-2012-6058 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2012-5602SUSE bug 792005CVE-2012-5615SUSE Linux Enterprise Server 12
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
ModerateCVE-2012-5615SUSE bug 792440SUSE bug 901237SUSE bug 915913CVE-2012-5634SUSE Linux Enterprise Server 12
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt.
ModerateCVE-2012-5634SUSE bug 794316SUSE bug 800275SUSE bug 840592CVE-2012-5643SUSE Linux Enterprise Server 12
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.
ModerateCVE-2012-5643SUSE bug 794954SUSE bug 796999CVE-2012-5668SUSE Linux Enterprise Server 12
FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.
ModerateCVE-2012-5668SUSE bug 795826CVE-2012-5669SUSE Linux Enterprise Server 12
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.
ModerateCVE-2012-5669SUSE bug 795826CVE-2012-5670SUSE Linux Enterprise Server 12
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.
ModerateCVE-2012-5670SUSE bug 795826CVE-2012-5688SUSE Linux Enterprise Server 12
ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
ModerateCVE-2012-5688SUSE bug 792926CVE-2012-5689SUSE Linux Enterprise Server 12
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
ModerateCVE-2012-5689SUSE bug 800822CVE-2012-5783SUSE Linux Enterprise Server 12
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
ModerateCVE-2012-5783SUSE bug 1132354SUSE bug 803332SUSE bug 803333CVE-2012-5829SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.
ModerateCVE-2012-5829SUSE bug 790140SUSE bug 796895CVE-2012-5830SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.
ModerateCVE-2012-5830SUSE bug 790140CVE-2012-5833SUSE Linux Enterprise Server 12
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.
CriticalCVE-2012-5833SUSE bug 790140CVE-2012-5835SUSE Linux Enterprise Server 12
Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.
CriticalCVE-2012-5835SUSE bug 790140CVE-2012-5836SUSE Linux Enterprise Server 12
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.
ImportantCVE-2012-5836SUSE bug 790140CVE-2012-5837SUSE Linux Enterprise Server 12
The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
ModerateCVE-2012-5837SUSE bug 790140CVE-2012-5838SUSE Linux Enterprise Server 12
The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.
ImportantCVE-2012-5838SUSE bug 790140CVE-2012-5839SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.
CriticalCVE-2012-5839SUSE bug 790140CVE-2012-5840SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.
CriticalCVE-2012-5840SUSE bug 790140CVE-2012-5841SUSE Linux Enterprise Server 12
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
ModerateCVE-2012-5841SUSE bug 790140CVE-2012-5842SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2012-5842SUSE bug 790140CVE-2012-5843SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2012-5843SUSE bug 790140CVE-2012-6075SUSE Linux Enterprise Server 12
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
ModerateCVE-2012-6075SUSE bug 797523SUSE bug 800275SUSE bug 840592CVE-2012-6093SUSE Linux Enterprise Server 12
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
ModerateCVE-2012-6093SUSE bug 797006SUSE bug 802634CVE-2012-6094SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2012-6094SUSE bug 795624SUSE bug 857372CVE-2012-6150SUSE Linux Enterprise Server 12
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
LowCVE-2012-6150SUSE bug 844720SUSE bug 853347CVE-2013-0151SUSE Linux Enterprise Server 12
The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.
ModerateCVE-2013-0151SUSE bug 797285CVE-2013-0152SUSE Linux Enterprise Server 12
Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled.
ModerateCVE-2013-0152SUSE bug 797287SUSE bug 800798CVE-2013-0153SUSE Linux Enterprise Server 12
The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.
ModerateCVE-2013-0153SUSE bug 800275SUSE bug 800802SUSE bug 840592CVE-2013-0157SUSE Linux Enterprise Server 12
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.
LowCVE-2013-0157SUSE bug 797002CVE-2013-0160SUSE Linux Enterprise Server 12
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
LowCVE-2013-0160SUSE bug 797175SUSE bug 841063SUSE bug 871595CVE-2013-0166SUSE Linux Enterprise Server 12
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
ModerateCVE-2013-0166SUSE bug 802648SUSE bug 802746SUSE bug 813366SUSE bug 821818SUSE bug 833408SUSE bug 905106SUSE bug 911906CVE-2013-0169SUSE Linux Enterprise Server 12
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
CriticalCVE-2013-0169SUSE bug 1070148SUSE bug 1103036SUSE bug 1103597SUSE bug 802184SUSE bug 802648SUSE bug 802746SUSE bug 803379SUSE bug 804654SUSE bug 809839SUSE bug 813366SUSE bug 813939SUSE bug 821818SUSE bug 905106SUSE bug 977584SUSE bug 977616CVE-2013-0170SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
ModerateCVE-2013-0170SUSE bug 800976CVE-2013-0172SUSE Linux Enterprise Server 12
Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.
ModerateCVE-2013-0172SUSE bug 798364CVE-2013-0211SUSE Linux Enterprise Server 12
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.
LowCVE-2013-0211SUSE bug 800024SUSE bug 979005CVE-2013-0213SUSE Linux Enterprise Server 12
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
ModerateCVE-2013-0213SUSE bug 799641SUSE bug 800982SUSE bug 880220CVE-2013-0214SUSE Linux Enterprise Server 12
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
ModerateCVE-2013-0214SUSE bug 799641SUSE bug 880220CVE-2013-0219SUSE Linux Enterprise Server 12
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
ModerateCVE-2013-0219SUSE bug 801036CVE-2013-0220SUSE Linux Enterprise Server 12
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.
CVE-2013-0220SUSE bug 801036CVE-2013-0221SUSE Linux Enterprise Server 12
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
ModerateCVE-2013-0221SUSE bug 798538CVE-2013-0222SUSE Linux Enterprise Server 12
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.
ModerateCVE-2013-0222SUSE bug 796243SUSE bug 798538SUSE bug 798541CVE-2013-0223SUSE Linux Enterprise Server 12
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.
ModerateCVE-2013-0223SUSE bug 798538SUSE bug 798541CVE-2013-0231SUSE Linux Enterprise Server 12
The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.
ModerateCVE-2013-0231SUSE bug 801178SUSE bug 841063SUSE bug 871595CVE-2013-0240SUSE Linux Enterprise Server 12
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
ModerateCVE-2013-0240SUSE bug 802409SUSE bug 808534CVE-2013-0242SUSE Linux Enterprise Server 12
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
ModerateCVE-2013-0242SUSE bug 801246SUSE bug 848783SUSE bug 882910CVE-2013-0249SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.
ImportantCVE-2013-0249SUSE bug 802411CVE-2013-0254SUSE Linux Enterprise Server 12
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
ModerateCVE-2013-0254SUSE bug 802634CVE-2013-0255SUSE Linux Enterprise Server 12
PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.
ModerateCVE-2013-0255SUSE bug 802679SUSE bug 803057CVE-2013-0262SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
ModerateCVE-2013-0262SUSE bug 802795CVE-2013-0263SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
ModerateCVE-2013-0263SUSE bug 802794SUSE bug 809839CVE-2013-0269SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."
ImportantCVE-2013-0269SUSE bug 803342SUSE bug 807044SUSE bug 809839CVE-2013-0276SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
ModerateCVE-2013-0276SUSE bug 803336CVE-2013-0277SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
ImportantCVE-2013-0277SUSE bug 803339SUSE bug 809839CVE-2013-0287SUSE Linux Enterprise Server 12
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
ModerateCVE-2013-0287SUSE bug 809153CVE-2013-0292SUSE Linux Enterprise Server 12
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
ModerateCVE-2013-0292SUSE bug 792095SUSE bug 804392CVE-2013-0338SUSE Linux Enterprise Server 12
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.
ModerateCVE-2013-0338SUSE bug 1123919SUSE bug 805233CVE-2013-0401SUSE Linux Enterprise Server 12
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.
ImportantCVE-2013-0401SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-0422SUSE Linux Enterprise Server 12
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
ModerateCVE-2013-0422SUSE bug 798324SUSE bug 798521SUSE bug 798535CVE-2013-0424SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
ModerateCVE-2013-0424SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0425SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
ImportantCVE-2013-0425SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0426SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
ImportantCVE-2013-0426SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0427SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
ImportantCVE-2013-0427SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0428SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
ImportantCVE-2013-0428SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0429SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
ImportantCVE-2013-0429SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0431SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
ImportantCVE-2013-0431SUSE bug 798535SUSE bug 803379SUSE bug 806786CVE-2013-0432SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks."
ImportantCVE-2013-0432SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0433SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
ImportantCVE-2013-0433SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0434SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
ImportantCVE-2013-0434SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0435SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."
ImportantCVE-2013-0435SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0440SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
ImportantCVE-2013-0440SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0441SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
ImportantCVE-2013-0441SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0442SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
ImportantCVE-2013-0442SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0443SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
ImportantCVE-2013-0443SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0444SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code.
ImportantCVE-2013-0444SUSE bug 798535SUSE bug 803379SUSE bug 806786CVE-2013-0450SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
ImportantCVE-2013-0450SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-0454SUSE Linux Enterprise Server 12
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.
LowCVE-2013-0454SUSE bug 811975CVE-2013-0743SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none.
ModerateCVE-2013-0743SUSE bug 796895CVE-2013-0744SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups.
ImportantCVE-2013-0744SUSE bug 796895CVE-2013-0745SUSE Linux Enterprise Server 12
The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects.
ImportantCVE-2013-0745SUSE bug 796895CVE-2013-0746SUSE Linux Enterprise Server 12
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection.
ImportantCVE-2013-0746SUSE bug 796895CVE-2013-0747SUSE Linux Enterprise Server 12
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.
ModerateCVE-2013-0747SUSE bug 796895CVE-2013-0748SUSE Linux Enterprise Server 12
The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.
ModerateCVE-2013-0748SUSE bug 796895CVE-2013-0749SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-0749SUSE bug 796895CVE-2013-0750SUSE Linux Enterprise Server 12
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow.
ImportantCVE-2013-0750SUSE bug 796895CVE-2013-0751SUSE Linux Enterprise Server 12
Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.
ModerateCVE-2013-0751SUSE bug 796895CVE-2013-0752SUSE Linux Enterprise Server 12
Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.
ImportantCVE-2013-0752SUSE bug 796895CVE-2013-0753SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.
ImportantCVE-2013-0753SUSE bug 796895CVE-2013-0754SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects.
ImportantCVE-2013-0754SUSE bug 796895CVE-2013-0755SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer.
ImportantCVE-2013-0755SUSE bug 796895CVE-2013-0756SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection.
ImportantCVE-2013-0756SUSE bug 796895CVE-2013-0757SUSE Linux Enterprise Server 12
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.
ImportantCVE-2013-0757SUSE bug 796895CVE-2013-0758SUSE Linux Enterprise Server 12
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
ImportantCVE-2013-0758SUSE bug 796895CVE-2013-0760SUSE Linux Enterprise Server 12
Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
ImportantCVE-2013-0760SUSE bug 796895CVE-2013-0761SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2013-0761SUSE bug 796895CVE-2013-0762SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
ImportantCVE-2013-0762SUSE bug 796895CVE-2013-0763SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas.
CriticalCVE-2013-0763SUSE bug 796895CVE-2013-0764SUSE Linux Enterprise Server 12
The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.
ModerateCVE-2013-0764SUSE bug 796895CVE-2013-0765SUSE Linux Enterprise Server 12
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
ImportantCVE-2013-0765SUSE bug 804248CVE-2013-0766SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2013-0766SUSE bug 796895CVE-2013-0767SUSE Linux Enterprise Server 12
The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CriticalCVE-2013-0767SUSE bug 796895CVE-2013-0768SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values.
ImportantCVE-2013-0768SUSE bug 796895CVE-2013-0769SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-0769SUSE bug 796895CVE-2013-0770SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2013-0770SUSE bug 796895CVE-2013-0771SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
CriticalCVE-2013-0771SUSE bug 796895CVE-2013-0772SUSE Linux Enterprise Server 12
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.
ModerateCVE-2013-0772SUSE bug 804248CVE-2013-0773SUSE Linux Enterprise Server 12
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
ModerateCVE-2013-0773SUSE bug 804248CVE-2013-0774SUSE Linux Enterprise Server 12
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.
ImportantCVE-2013-0774SUSE bug 804248CVE-2013-0775SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script.
ImportantCVE-2013-0775SUSE bug 804248CVE-2013-0776SUSE Linux Enterprise Server 12
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.
ModerateCVE-2013-0776SUSE bug 804248CVE-2013-0777SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
ImportantCVE-2013-0777SUSE bug 804248CVE-2013-0778SUSE Linux Enterprise Server 12
The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CriticalCVE-2013-0778SUSE bug 804248CVE-2013-0779SUSE Linux Enterprise Server 12
The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CriticalCVE-2013-0779SUSE bug 804248CVE-2013-0780SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
ImportantCVE-2013-0780SUSE bug 804248CVE-2013-0781SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2013-0781SUSE bug 804248CVE-2013-0782SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors.
CriticalCVE-2013-0782SUSE bug 804248CVE-2013-0783SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-0783SUSE bug 804248CVE-2013-0787SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.
ImportantCVE-2013-0787SUSE bug 808243CVE-2013-0788SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2013-0788SUSE bug 813026SUSE bug 819204CVE-2013-0789SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors.
ImportantCVE-2013-0789SUSE bug 813026SUSE bug 819204CVE-2013-0791SUSE Linux Enterprise Server 12
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
ModerateCVE-2013-0791SUSE bug 813026SUSE bug 819204CVE-2013-0792SUSE Linux Enterprise Server 12
Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image.
ModerateCVE-2013-0792SUSE bug 813026SUSE bug 819204CVE-2013-0793SUSE Linux Enterprise Server 12
Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing.
ModerateCVE-2013-0793SUSE bug 819204CVE-2013-0794SUSE Linux Enterprise Server 12
Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site.
ModerateCVE-2013-0794SUSE bug 813026SUSE bug 819204CVE-2013-0795SUSE Linux Enterprise Server 12
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
ImportantCVE-2013-0795SUSE bug 813026SUSE bug 819204CVE-2013-0796SUSE Linux Enterprise Server 12
The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.
ImportantCVE-2013-0796SUSE bug 813026SUSE bug 819204CVE-2013-0800SUSE Linux Enterprise Server 12
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
ModerateCVE-2013-0800SUSE bug 813026SUSE bug 819204CVE-2013-0801SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-0801SUSE bug 819204CVE-2013-0809SUSE Linux Enterprise Server 12
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
ModerateCVE-2013-0809SUSE bug 806786SUSE bug 807487SUSE bug 809386SUSE bug 813939CVE-2013-0913SUSE Linux Enterprise Server 12
Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.
ModerateCVE-2013-0913SUSE bug 808829SUSE bug 871595CVE-2013-1415SUSE Linux Enterprise Server 12
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
ModerateCVE-2013-1415SUSE bug 806715CVE-2013-1417SUSE Linux Enterprise Server 12
do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.
ModerateCVE-2013-1417SUSE bug 850660SUSE bug 879587CVE-2013-1418SUSE Linux Enterprise Server 12
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
ModerateCVE-2013-1418SUSE bug 849240SUSE bug 866059SUSE bug 879587CVE-2013-1442SUSE Linux Enterprise Server 12
Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.
ModerateCVE-2013-1442SUSE bug 839596SUSE bug 840592CVE-2013-1445SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
ModerateCVE-2013-1445SUSE bug 846214CVE-2013-1475SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
ImportantCVE-2013-1475SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-1476SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
ImportantCVE-2013-1476SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-1478SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
ImportantCVE-2013-1478SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-1480SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
ImportantCVE-2013-1480SUSE bug 798535SUSE bug 801972SUSE bug 803379SUSE bug 806786CVE-2013-1484SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ImportantCVE-2013-1484SUSE bug 798535SUSE bug 803379CVE-2013-1485SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
ModerateCVE-2013-1485SUSE bug 798535SUSE bug 803379CVE-2013-1486SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
ImportantCVE-2013-1486SUSE bug 798535SUSE bug 803379SUSE bug 804654CVE-2013-1488SUSE Linux Enterprise Server 12
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
ImportantCVE-2013-1488SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-1493SUSE Linux Enterprise Server 12
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
ModerateCVE-2013-1493SUSE bug 806786SUSE bug 807487SUSE bug 809386SUSE bug 813939CVE-2013-1500SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
ImportantCVE-2013-1500SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-1518SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions."
ModerateCVE-2013-1518SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-1537SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code.
ImportantCVE-2013-1537SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-1557SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method.
ImportantCVE-2013-1557SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-1569SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
ImportantCVE-2013-1569SUSE bug 816720SUSE bug 817157SUSE bug 819288SUSE bug 932310CVE-2013-1571SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
ModerateCVE-2013-1571SUSE bug 824397SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-1572SUSE Linux Enterprise Server 12
The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
ModerateCVE-2013-1572SUSE bug 801131CVE-2013-1573SUSE Linux Enterprise Server 12
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
ModerateCVE-2013-1573SUSE bug 801131CVE-2013-1574SUSE Linux Enterprise Server 12
The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
ModerateCVE-2013-1574SUSE bug 801131CVE-2013-1575SUSE Linux Enterprise Server 12
The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
ModerateCVE-2013-1575SUSE bug 801131CVE-2013-1576SUSE Linux Enterprise Server 12
The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
ModerateCVE-2013-1576SUSE bug 801131CVE-2013-1577SUSE Linux Enterprise Server 12
The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
ModerateCVE-2013-1577SUSE bug 801131CVE-2013-1578SUSE Linux Enterprise Server 12
The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet.
ModerateCVE-2013-1578SUSE bug 801131CVE-2013-1579SUSE Linux Enterprise Server 12
The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
ModerateCVE-2013-1579SUSE bug 801131CVE-2013-1580SUSE Linux Enterprise Server 12
The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
ModerateCVE-2013-1580SUSE bug 801131CVE-2013-1581SUSE Linux Enterprise Server 12
The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet.
ModerateCVE-2013-1581SUSE bug 801131CVE-2013-1582SUSE Linux Enterprise Server 12
The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet.
ModerateCVE-2013-1582SUSE bug 801131CVE-2013-1583SUSE Linux Enterprise Server 12
The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-1583SUSE bug 801131CVE-2013-1584SUSE Linux Enterprise Server 12
The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-1584SUSE bug 801131CVE-2013-1585SUSE Linux Enterprise Server 12
epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-1585SUSE bug 801131CVE-2013-1586SUSE Linux Enterprise Server 12
The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-1586SUSE bug 801131CVE-2013-1587SUSE Linux Enterprise Server 12
The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-1587SUSE bug 801131CVE-2013-1588SUSE Linux Enterprise Server 12
Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-1588SUSE bug 801131CVE-2013-1589SUSE Linux Enterprise Server 12
Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-1589SUSE bug 801131CVE-2013-1590SUSE Linux Enterprise Server 12
Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-1590SUSE bug 801131CVE-2013-1620SUSE Linux Enterprise Server 12
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
ModerateCVE-2013-1620SUSE bug 802184CVE-2013-1667SUSE Linux Enterprise Server 12
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
ModerateCVE-2013-1667SUSE bug 804415CVE-2013-1669SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-1669SUSE bug 819204CVE-2013-1670SUSE Linux Enterprise Server 12
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
ModerateCVE-2013-1670SUSE bug 819204CVE-2013-1671SUSE Linux Enterprise Server 12
Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.
ModerateCVE-2013-1671SUSE bug 819204CVE-2013-1674SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video.
ImportantCVE-2013-1674SUSE bug 819204CVE-2013-1675SUSE Linux Enterprise Server 12
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
ImportantCVE-2013-1675SUSE bug 819204CVE-2013-1676SUSE Linux Enterprise Server 12
The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
ImportantCVE-2013-1676SUSE bug 819204CVE-2013-1677SUSE Linux Enterprise Server 12
The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CriticalCVE-2013-1677SUSE bug 819204CVE-2013-1678SUSE Linux Enterprise Server 12
The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors.
CriticalCVE-2013-1678SUSE bug 819204CVE-2013-1679SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2013-1679SUSE bug 819204CVE-2013-1680SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2013-1680SUSE bug 819204CVE-2013-1681SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2013-1681SUSE bug 819204CVE-2013-1682SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-1682SUSE bug 825935CVE-2013-1683SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2013-1683SUSE bug 1150035SUSE bug 825935CVE-2013-1684SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.
ImportantCVE-2013-1684SUSE bug 825935CVE-2013-1685SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.
CriticalCVE-2013-1685SUSE bug 825935CVE-2013-1686SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CriticalCVE-2013-1686SUSE bug 825935CVE-2013-1687SUSE Linux Enterprise Server 12
The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site.
ImportantCVE-2013-1687SUSE bug 825935CVE-2013-1688SUSE Linux Enterprise Server 12
The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.
ModerateCVE-2013-1688SUSE bug 825935CVE-2013-1690SUSE Linux Enterprise Server 12
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
ImportantCVE-2013-1690SUSE bug 825935CVE-2013-1692SUSE Linux Enterprise Server 12
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.
ModerateCVE-2013-1692SUSE bug 825935CVE-2013-1693SUSE Linux Enterprise Server 12
The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code.
ModerateCVE-2013-1693SUSE bug 825935CVE-2013-1694SUSE Linux Enterprise Server 12
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag.
ModerateCVE-2013-1694SUSE bug 825935CVE-2013-1695SUSE Linux Enterprise Server 12
Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.
ModerateCVE-2013-1695SUSE bug 825935CVE-2013-1696SUSE Linux Enterprise Server 12
Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.
ModerateCVE-2013-1696SUSE bug 825935CVE-2013-1697SUSE Linux Enterprise Server 12
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.
ModerateCVE-2013-1697SUSE bug 825935CVE-2013-1698SUSE Linux Enterprise Server 12
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME elements.
ModerateCVE-2013-1698SUSE bug 825935CVE-2013-1699SUSE Linux Enterprise Server 12
The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters.
ModerateCVE-2013-1699SUSE bug 825935CVE-2013-1701SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-1701SUSE bug 833389CVE-2013-1702SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-1702SUSE bug 833389CVE-2013-1704SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event.
ImportantCVE-2013-1704SUSE bug 833389CVE-2013-1705SUSE Linux Enterprise Server 12
Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.
ImportantCVE-2013-1705SUSE bug 833389SUSE bug 840485CVE-2013-1708SUSE Linux Enterprise Server 12
Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function.
ModerateCVE-2013-1708SUSE bug 833389CVE-2013-1709SUSE Linux Enterprise Server 12
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document.
ModerateCVE-2013-1709SUSE bug 833389CVE-2013-1710SUSE Linux Enterprise Server 12
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation.
ImportantCVE-2013-1710SUSE bug 833389CVE-2013-1711SUSE Linux Enterprise Server 12
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object.
ModerateCVE-2013-1711SUSE bug 833389CVE-2013-1713SUSE Linux Enterprise Server 12
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site.
ModerateCVE-2013-1713SUSE bug 833389CVE-2013-1714SUSE Linux Enterprise Server 12
The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors.
ModerateCVE-2013-1714SUSE bug 833389CVE-2013-1717SUSE Linux Enterprise Server 12
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname.
ModerateCVE-2013-1717SUSE bug 833389CVE-2013-1718SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-1718SUSE bug 840485CVE-2013-1719SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-1719SUSE bug 840485CVE-2013-1720SUSE Linux Enterprise Server 12
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state.
ModerateCVE-2013-1720SUSE bug 840485CVE-2013-1721SUSE Linux Enterprise Server 12
Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site.
ImportantCVE-2013-1721SUSE bug 840485CVE-2013-1722SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning.
ImportantCVE-2013-1722SUSE bug 840485CVE-2013-1723SUSE Linux Enterprise Server 12
The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation.
ImportantCVE-2013-1723SUSE bug 840485CVE-2013-1724SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element.
ImportantCVE-2013-1724SUSE bug 840485CVE-2013-1725SUSE Linux Enterprise Server 12
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling.
ModerateCVE-2013-1725SUSE bug 840485CVE-2013-1728SUSE Linux Enterprise Server 12
The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.
ImportantCVE-2013-1728SUSE bug 840485CVE-2013-1730SUSE Linux Enterprise Server 12
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site.
ModerateCVE-2013-1730SUSE bug 840485CVE-2013-1732SUSE Linux Enterprise Server 12
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout.
ImportantCVE-2013-1732SUSE bug 840485CVE-2013-1735SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling.
ImportantCVE-2013-1735SUSE bug 840485CVE-2013-1736SUSE Linux Enterprise Server 12
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes.
ImportantCVE-2013-1736SUSE bug 840485CVE-2013-1737SUSE Linux Enterprise Server 12
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.
ModerateCVE-2013-1737SUSE bug 840485CVE-2013-1738SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.
ImportantCVE-2013-1738SUSE bug 840485CVE-2013-1739SUSE Linux Enterprise Server 12
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.
ModerateCVE-2013-1739SUSE bug 842979SUSE bug 847708CVE-2013-1740SUSE Linux Enterprise Server 12
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
ModerateCVE-2013-1740SUSE bug 859055CVE-2013-1752SUSE Linux Enterprise Server 12
** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions.
ModerateCVE-2013-1752SUSE bug 856836CVE-2013-1753SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2013-1753SUSE bug 856835CVE-2013-1762SUSE Linux Enterprise Server 12
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
ImportantCVE-2013-1762SUSE bug 807440SUSE bug 807450CVE-2013-1775SUSE Linux Enterprise Server 12
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
ModerateCVE-2013-1775SUSE bug 806919SUSE bug 806921SUSE bug 815325SUSE bug 845568SUSE bug 854381CVE-2013-1776SUSE Linux Enterprise Server 12
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
LowCVE-2013-1776SUSE bug 806921SUSE bug 817349SUSE bug 817350CVE-2013-1788SUSE Linux Enterprise Server 12
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
ModerateCVE-2013-1788SUSE bug 806793CVE-2013-1789SUSE Linux Enterprise Server 12
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.
ModerateCVE-2013-1789SUSE bug 806793CVE-2013-1790SUSE Linux Enterprise Server 12
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.
ModerateCVE-2013-1790SUSE bug 806793CVE-2013-1799SUSE Linux Enterprise Server 12
Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.
ModerateCVE-2013-1799SUSE bug 808534CVE-2013-1863SUSE Linux Enterprise Server 12
Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations.
ModerateCVE-2013-1863SUSE bug 809624CVE-2013-1881SUSE Linux Enterprise Server 12
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ModerateCVE-2013-1881SUSE bug 840753CVE-2013-1896SUSE Linux Enterprise Server 12
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
ModerateCVE-2013-1896SUSE bug 829056SUSE bug 829057CVE-2013-1899SUSE Linux Enterprise Server 12
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
ImportantCVE-2013-1899SUSE bug 812525CVE-2013-1900SUSE Linux Enterprise Server 12
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."
ImportantCVE-2013-1900SUSE bug 812525CVE-2013-1901SUSE Linux Enterprise Server 12
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
ImportantCVE-2013-1901SUSE bug 812525CVE-2013-1912SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.
ModerateCVE-2013-1912SUSE bug 830612CVE-2013-1914SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.
ModerateCVE-2013-1914SUSE bug 813121SUSE bug 826666SUSE bug 882910SUSE bug 920055SUSE bug 937231SUSE bug 941444CVE-2013-1917SUSE Linux Enterprise Server 12
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.
ModerateCVE-2013-1917SUSE bug 813673SUSE bug 840592CVE-2013-1918SUSE Linux Enterprise Server 12
Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal."
ModerateCVE-2013-1918SUSE bug 813673SUSE bug 816159SUSE bug 823011SUSE bug 826882SUSE bug 840592CVE-2013-1919SUSE Linux Enterprise Server 12
Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices."
ModerateCVE-2013-1919SUSE bug 813673SUSE bug 813675SUSE bug 840592CVE-2013-1922SUSE Linux Enterprise Server 12
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.
ModerateCVE-2013-1922SUSE bug 814059SUSE bug 934753SUSE bug 934768CVE-2013-1940SUSE Linux Enterprise Server 12
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.
LowCVE-2013-1940SUSE bug 814653SUSE bug 815870CVE-2013-1944SUSE Linux Enterprise Server 12
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
ImportantCVE-2013-1944SUSE bug 814655CVE-2013-1952SUSE Linux Enterprise Server 12
Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.
ModerateCVE-2013-1952SUSE bug 813673SUSE bug 816163SUSE bug 840592CVE-2013-1960SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
ModerateCVE-2013-1960SUSE bug 817573SUSE bug 854393CVE-2013-1961SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.
ModerateCVE-2013-1961SUSE bug 817573SUSE bug 818117SUSE bug 854393CVE-2013-1962SUSE Linux Enterprise Server 12
The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."
ModerateCVE-2013-1962SUSE bug 820397CVE-2013-1969SUSE Linux Enterprise Server 12
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
ModerateCVE-2013-1969SUSE bug 815665CVE-2013-1976SUSE Linux Enterprise Server 12
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
ModerateCVE-2013-1976SUSE bug 822177SUSE bug 824284CVE-2013-1981SUSE Linux Enterprise Server 12
Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.
ModerateCVE-2013-1981SUSE bug 815451SUSE bug 821664CVE-2013-1982SUSE Linux Enterprise Server 12
Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions.
ModerateCVE-2013-1982SUSE bug 815451SUSE bug 821665CVE-2013-1983SUSE Linux Enterprise Server 12
Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.
ModerateCVE-2013-1983SUSE bug 815451SUSE bug 821667SUSE bug 880221CVE-2013-1984SUSE Linux Enterprise Server 12
Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.
ModerateCVE-2013-1984SUSE bug 815451SUSE bug 821663CVE-2013-1985SUSE Linux Enterprise Server 12
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.
ModerateCVE-2013-1985SUSE bug 815451SUSE bug 821663CVE-2013-1986SUSE Linux Enterprise Server 12
Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions.
ModerateCVE-2013-1986SUSE bug 815451SUSE bug 821663CVE-2013-1987SUSE Linux Enterprise Server 12
Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions.
ModerateCVE-2013-1987SUSE bug 815451SUSE bug 821669SUSE bug 880221CVE-2013-1988SUSE Linux Enterprise Server 12
Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions.
ModerateCVE-2013-1988SUSE bug 815451SUSE bug 821663CVE-2013-1989SUSE Linux Enterprise Server 12
Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function.
ModerateCVE-2013-1989SUSE bug 815451SUSE bug 821671SUSE bug 880221CVE-2013-1990SUSE Linux Enterprise Server 12
Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions.
ModerateCVE-2013-1990SUSE bug 815451SUSE bug 821663CVE-2013-1991SUSE Linux Enterprise Server 12
Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions.
ModerateCVE-2013-1991SUSE bug 815451SUSE bug 821663CVE-2013-1992SUSE Linux Enterprise Server 12
Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.
ModerateCVE-2013-1992SUSE bug 815451SUSE bug 821663CVE-2013-1995SUSE Linux Enterprise Server 12
X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.
ModerateCVE-2013-1995SUSE bug 815451SUSE bug 821663CVE-2013-1997SUSE Linux Enterprise Server 12
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.
ModerateCVE-2013-1997SUSE bug 815451SUSE bug 821664SUSE bug 824294CVE-2013-1998SUSE Linux Enterprise Server 12
Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.
ModerateCVE-2013-1998SUSE bug 815451SUSE bug 821663CVE-2013-1999SUSE Linux Enterprise Server 12
Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function.
ModerateCVE-2013-1999SUSE bug 815451SUSE bug 821663CVE-2013-2000SUSE Linux Enterprise Server 12
Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.
ModerateCVE-2013-2000SUSE bug 815451SUSE bug 821663CVE-2013-2001SUSE Linux Enterprise Server 12
Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.
ModerateCVE-2013-2001SUSE bug 815451SUSE bug 821663CVE-2013-2002SUSE Linux Enterprise Server 12
Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function.
ModerateCVE-2013-2002SUSE bug 815451SUSE bug 821670CVE-2013-2003SUSE Linux Enterprise Server 12
Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function.
ModerateCVE-2013-2003SUSE bug 1065386SUSE bug 815451SUSE bug 821663CVE-2013-2004SUSE Linux Enterprise Server 12
The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.
LowCVE-2013-2004SUSE bug 815451SUSE bug 821664CVE-2013-2005SUSE Linux Enterprise Server 12
X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions.
ModerateCVE-2013-2005SUSE bug 815451SUSE bug 821670CVE-2013-2007SUSE Linux Enterprise Server 12
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
ModerateCVE-2013-2007SUSE bug 818181SUSE bug 818182SUSE bug 818183CVE-2013-2062SUSE Linux Enterprise Server 12
Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions.
ModerateCVE-2013-2062SUSE bug 815451SUSE bug 821668SUSE bug 880221CVE-2013-2063SUSE Linux Enterprise Server 12
Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.
ModerateCVE-2013-2063SUSE bug 815451SUSE bug 821663CVE-2013-2064SUSE Linux Enterprise Server 12
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
ImportantCVE-2013-2064SUSE bug 815451SUSE bug 821584CVE-2013-2066SUSE Linux Enterprise Server 12
Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function.
ModerateCVE-2013-2066SUSE bug 815451SUSE bug 821671SUSE bug 880221CVE-2013-2124SUSE Linux Enterprise Server 12
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.
ModerateCVE-2013-2124SUSE bug 828006CVE-2013-2132SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
ModerateCVE-2013-2132SUSE bug 822798CVE-2013-2168SUSE Linux Enterprise Server 12
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
ModerateCVE-2013-2168SUSE bug 824607CVE-2013-2174SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
ModerateCVE-2013-2174SUSE bug 824517SUSE bug 917692CVE-2013-2175SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.
ModerateCVE-2013-2175SUSE bug 825412CVE-2013-2186SUSE Linux Enterprise Server 12
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
ImportantCVE-2013-2186SUSE bug 846174CVE-2013-2207SUSE Linux Enterprise Server 12
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
ModerateCVE-2013-2207SUSE bug 830257CVE-2013-2218SUSE Linux Enterprise Server 12
Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.
ModerateCVE-2013-2218SUSE bug 827741CVE-2013-2230SUSE Linux Enterprise Server 12
The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."
LowCVE-2013-2230SUSE bug 827801CVE-2013-2249SUSE Linux Enterprise Server 12
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
ModerateCVE-2013-2249SUSE bug 831113CVE-2013-2266SUSE Linux Enterprise Server 12
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
ModerateCVE-2013-2266SUSE bug 811876SUSE bug 811934CVE-2013-2383SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
ImportantCVE-2013-2383SUSE bug 816720SUSE bug 817157SUSE bug 819288SUSE bug 932310CVE-2013-2384SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2.
ImportantCVE-2013-2384SUSE bug 816720SUSE bug 817157SUSE bug 819288SUSE bug 932310CVE-2013-2407SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
ModerateCVE-2013-2407SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2412SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.
ModerateCVE-2013-2412SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2415SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.
LowCVE-2013-2415SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-2417SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue.
ModerateCVE-2013-2417SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-2419SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
ModerateCVE-2013-2419SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-2420SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets.
ImportantCVE-2013-2420SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-2421SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect MethodHandle lookups, which allows remote attackers to bypass Java sandbox restrictions.
ImportantCVE-2013-2421SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-2422SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox.
ModerateCVE-2013-2422SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-2423SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
ModerateCVE-2013-2423SUSE bug 816720SUSE bug 819288CVE-2013-2424SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator.
ModerateCVE-2013-2424SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-2426SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect invocation of the defaultReadObject method in the ConcurrentHashMap class, which allows remote attackers to bypass the Java sandbox.
ImportantCVE-2013-2426SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-2429SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption.
ModerateCVE-2013-2429SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-2430SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code.
ModerateCVE-2013-2430SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-2431SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."
ImportantCVE-2013-2431SUSE bug 816720SUSE bug 817157SUSE bug 819288CVE-2013-2436SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert.
ImportantCVE-2013-2436SUSE bug 816720SUSE bug 819288CVE-2013-2443SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class.
ModerateCVE-2013-2443SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2444SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files.
ModerateCVE-2013-2444SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2445SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors."
ModerateCVE-2013-2445SUSE bug 825624SUSE bug 828665SUSE bug 829708CVE-2013-2446SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.
ModerateCVE-2013-2446SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2447SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.
ModerateCVE-2013-2447SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2448SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
ModerateCVE-2013-2448SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2449SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path.
ModerateCVE-2013-2449SUSE bug 825624SUSE bug 828665SUSE bug 829212CVE-2013-2450SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.
ModerateCVE-2013-2450SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2451SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.
LowCVE-2013-2451SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2452SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.
ModerateCVE-2013-2452SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2453SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector.
ModerateCVE-2013-2453SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2454SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
ModerateCVE-2013-2454SUSE bug 825624SUSE bug 828665SUSE bug 829212CVE-2013-2455SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.
ModerateCVE-2013-2455SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2456SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
ModerateCVE-2013-2456SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2457SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions.
ModerateCVE-2013-2457SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2458SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via "an error related to method handles."
ModerateCVE-2013-2458SUSE bug 825624SUSE bug 828665SUSE bug 829212CVE-2013-2459SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks."
ImportantCVE-2013-2459SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2460SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component.
ImportantCVE-2013-2460SUSE bug 825624SUSE bug 828665SUSE bug 829212CVE-2013-2461SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."
ModerateCVE-2013-2461SUSE bug 825624SUSE bug 828665SUSE bug 829708CVE-2013-2463SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
ImportantCVE-2013-2463SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2465SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
ImportantCVE-2013-2465SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2469SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
ImportantCVE-2013-2469SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2470SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
ImportantCVE-2013-2470SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2471SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks."
ImportantCVE-2013-2471SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2472SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
ImportantCVE-2013-2472SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2473SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
ImportantCVE-2013-2473SUSE bug 825624SUSE bug 828665SUSE bug 829212SUSE bug 829708CVE-2013-2475SUSE Linux Enterprise Server 12
The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-2475SUSE bug 807942CVE-2013-2476SUSE Linux Enterprise Server 12
The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short.
ModerateCVE-2013-2476SUSE bug 807942CVE-2013-2477SUSE Linux Enterprise Server 12
The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-2477SUSE bug 807942CVE-2013-2478SUSE Linux Enterprise Server 12
The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string.
ModerateCVE-2013-2478SUSE bug 807942CVE-2013-2479SUSE Linux Enterprise Server 12
The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data.
ModerateCVE-2013-2479SUSE bug 807942CVE-2013-2480SUSE Linux Enterprise Server 12
The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-2480SUSE bug 807942CVE-2013-2481SUSE Linux Enterprise Server 12
Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value.
ModerateCVE-2013-2481SUSE bug 807942CVE-2013-2482SUSE Linux Enterprise Server 12
The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
ModerateCVE-2013-2482SUSE bug 807942CVE-2013-2483SUSE Linux Enterprise Server 12
The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data.
ModerateCVE-2013-2483SUSE bug 807942CVE-2013-2484SUSE Linux Enterprise Server 12
The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-2484SUSE bug 807942CVE-2013-2485SUSE Linux Enterprise Server 12
The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
ModerateCVE-2013-2485SUSE bug 807942CVE-2013-2486SUSE Linux Enterprise Server 12
The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet.
ModerateCVE-2013-2486SUSE bug 807942SUSE bug 820566SUSE bug 820973CVE-2013-2487SUSE Linux Enterprise Server 12
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486.
ModerateCVE-2013-2487SUSE bug 807942SUSE bug 820566SUSE bug 820973CVE-2013-2488SUSE Linux Enterprise Server 12
The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.
ModerateCVE-2013-2488SUSE bug 807942CVE-2013-2850SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.
ImportantCVE-2013-2850SUSE bug 821560CVE-2013-2944SUSE Linux Enterprise Server 12
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.
ModerateCVE-2013-2944SUSE bug 815236CVE-2013-3495SUSE Linux Enterprise Server 12
The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI).
ModerateCVE-2013-3495SUSE bug 826717SUSE bug 903970CVE-2013-3555SUSE Linux Enterprise Server 12
epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-3555SUSE bug 820566SUSE bug 820973CVE-2013-3556SUSE Linux Enterprise Server 12
The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-3556SUSE bug 820566SUSE bug 820973CVE-2013-3557SUSE Linux Enterprise Server 12
The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-3557SUSE bug 820566SUSE bug 820973CVE-2013-3558SUSE Linux Enterprise Server 12
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-3558SUSE bug 820566SUSE bug 820973CVE-2013-3559SUSE Linux Enterprise Server 12
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
ModerateCVE-2013-3559SUSE bug 820566SUSE bug 820973CVE-2013-3560SUSE Linux Enterprise Server 12
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-3560SUSE bug 820566SUSE bug 820973CVE-2013-3561SUSE Linux Enterprise Server 12
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
ModerateCVE-2013-3561SUSE bug 820566SUSE bug 820973CVE-2013-3562SUSE Linux Enterprise Server 12
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
ModerateCVE-2013-3562SUSE bug 820566SUSE bug 820973CVE-2013-3571SUSE Linux Enterprise Server 12
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.
ModerateCVE-2013-3571SUSE bug 821985CVE-2013-3829SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
ImportantCVE-2013-3829SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-4002SUSE Linux Enterprise Server 12
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
ImportantCVE-2013-4002SUSE bug 829212SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-4083SUSE Linux Enterprise Server 12
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-4083SUSE bug 824900SUSE bug 831718CVE-2013-4124SUSE Linux Enterprise Server 12
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
ModerateCVE-2013-4124SUSE bug 829969CVE-2013-4143SUSE Linux Enterprise Server 12
The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.
ModerateCVE-2013-4143SUSE bug 829859CVE-2013-4148SUSE Linux Enterprise Server 12
Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow.
ModerateCVE-2013-4148SUSE bug 864812SUSE bug 871442SUSE bug 964630CVE-2013-4149SUSE Linux Enterprise Server 12
Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.
ModerateCVE-2013-4149SUSE bug 864649SUSE bug 871442SUSE bug 964443CVE-2013-4150SUSE Linux Enterprise Server 12
The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write.
ModerateCVE-2013-4150SUSE bug 864650SUSE bug 871442CVE-2013-4151SUSE Linux Enterprise Server 12
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.
ModerateCVE-2013-4151SUSE bug 864653SUSE bug 871442SUSE bug 964636CVE-2013-4153SUSE Linux Enterprise Server 12
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command.
ModerateCVE-2013-4153SUSE bug 830497SUSE bug 830498CVE-2013-4154SUSE Linux Enterprise Server 12
The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command.
ModerateCVE-2013-4154SUSE bug 830498CVE-2013-4231SUSE Linux Enterprise Server 12
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.
ModerateCVE-2013-4231SUSE bug 834477SUSE bug 854393CVE-2013-4232SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.
ModerateCVE-2013-4232SUSE bug 834477SUSE bug 854393CVE-2013-4233SUSE Linux Enterprise Server 12
Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.
ModerateCVE-2013-4233SUSE bug 1022032SUSE bug 834483CVE-2013-4234SUSE Linux Enterprise Server 12
Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.
ModerateCVE-2013-4234SUSE bug 1022032SUSE bug 834483CVE-2013-4237SUSE Linux Enterprise Server 12
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
ModerateCVE-2013-4237SUSE bug 834594SUSE bug 882910SUSE bug 920055CVE-2013-4238SUSE Linux Enterprise Server 12
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
ModerateCVE-2013-4238SUSE bug 834601SUSE bug 839107SUSE bug 882915CVE-2013-4239SUSE Linux Enterprise Server 12
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.
ModerateCVE-2013-4239SUSE bug 834598CVE-2013-4242SUSE Linux Enterprise Server 12
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
ModerateCVE-2013-4242SUSE bug 831359CVE-2013-4243SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.
ModerateCVE-2013-4243SUSE bug 834779SUSE bug 854393CVE-2013-4244SUSE Linux Enterprise Server 12
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
ModerateCVE-2013-4244SUSE bug 834788SUSE bug 854393CVE-2013-4276SUSE Linux Enterprise Server 12
Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.
ModerateCVE-2013-4276SUSE bug 843716CVE-2013-4282SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
ModerateCVE-2013-4282SUSE bug 848279CVE-2013-4288SUSE Linux Enterprise Server 12
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
ModerateCVE-2013-4288SUSE bug 1070943SUSE bug 1099031SUSE bug 835827SUSE bug 836931SUSE bug 836932SUSE bug 836937SUSE bug 836939SUSE bug 844967SUSE bug 852368SUSE bug 854144SUSE bug 864716CVE-2013-4296SUSE Linux Enterprise Server 12
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.
ImportantCVE-2013-4296SUSE bug 836931SUSE bug 838638CVE-2013-4297SUSE Linux Enterprise Server 12
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.
ModerateCVE-2013-4297SUSE bug 838642CVE-2013-4311SUSE Linux Enterprise Server 12
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
ModerateCVE-2013-4311SUSE bug 836931SUSE bug 838638SUSE bug 864716CVE-2013-4314SUSE Linux Enterprise Server 12
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
ModerateCVE-2013-4314SUSE bug 839107CVE-2013-4325SUSE Linux Enterprise Server 12
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
ModerateCVE-2013-4325SUSE bug 808355SUSE bug 836931SUSE bug 836932SUSE bug 836937SUSE bug 852368SUSE bug 864716CVE-2013-4326SUSE Linux Enterprise Server 12
RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
ModerateCVE-2013-4326SUSE bug 836931SUSE bug 836932SUSE bug 836937SUSE bug 836939SUSE bug 864716CVE-2013-4332SUSE Linux Enterprise Server 12
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
ModerateCVE-2013-4332SUSE bug 839870SUSE bug 882910CVE-2013-4342SUSE Linux Enterprise Server 12
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.
LowCVE-2013-4342SUSE bug 844230SUSE bug 855685SUSE bug 882917CVE-2013-4351SUSE Linux Enterprise Server 12
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.
LowCVE-2013-4351SUSE bug 840510CVE-2013-4353SUSE Linux Enterprise Server 12
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
ModerateCVE-2013-4353SUSE bug 857640CVE-2013-4355SUSE Linux Enterprise Server 12
Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory.
ModerateCVE-2013-4355SUSE bug 840592CVE-2013-4356SUSE Linux Enterprise Server 12
Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash).
ImportantCVE-2013-4356SUSE bug 840593CVE-2013-4361SUSE Linux Enterprise Server 12
The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction.
ModerateCVE-2013-4361SUSE bug 840592SUSE bug 841766CVE-2013-4375SUSE Linux Enterprise Server 12
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.
LowCVE-2013-4375SUSE bug 840592SUSE bug 842515CVE-2013-4396SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
ImportantCVE-2013-4396SUSE bug 843652CVE-2013-4399SUSE Linux Enterprise Server 12
The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.
ModerateCVE-2013-4399SUSE bug 842300SUSE bug 844052CVE-2013-4400SUSE Linux Enterprise Server 12
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.
ImportantCVE-2013-4400SUSE bug 837609CVE-2013-4401SUSE Linux Enterprise Server 12
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.
ImportantCVE-2013-4401SUSE bug 845704CVE-2013-4402SUSE Linux Enterprise Server 12
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
ImportantCVE-2013-4402SUSE bug 844175SUSE bug 941439CVE-2013-4408SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.
ImportantCVE-2013-4408SUSE bug 844720SUSE bug 848101SUSE bug 882906CVE-2013-4416SUSE Linux Enterprise Server 12
The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.
ModerateCVE-2013-4416SUSE bug 840592SUSE bug 845520CVE-2013-4419SUSE Linux Enterprise Server 12
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
ImportantCVE-2013-4419SUSE bug 845720CVE-2013-4458SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.
ModerateCVE-2013-4458SUSE bug 847227SUSE bug 883217SUSE bug 941444SUSE bug 955181SUSE bug 967023SUSE bug 980483CVE-2013-4473SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
ModerateCVE-2013-4473SUSE bug 847907CVE-2013-4474SUSE Linux Enterprise Server 12
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.
ModerateCVE-2013-4474SUSE bug 847907CVE-2013-4475SUSE Linux Enterprise Server 12
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
ModerateCVE-2013-4475SUSE bug 848101SUSE bug 880220CVE-2013-4476SUSE Linux Enterprise Server 12
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.
ModerateCVE-2013-4476SUSE bug 848103CVE-2013-4494SUSE Linux Enterprise Server 12
Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.
ModerateCVE-2013-4494SUSE bug 848657CVE-2013-4496SUSE Linux Enterprise Server 12
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.
ModerateCVE-2013-4496SUSE bug 849224SUSE bug 866844CVE-2013-4509SUSE Linux Enterprise Server 12
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
ModerateCVE-2013-4509SUSE bug 847718CVE-2013-4526SUSE Linux Enterprise Server 12
Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports.
ModerateCVE-2013-4526SUSE bug 864671SUSE bug 871442CVE-2013-4527SUSE Linux Enterprise Server 12
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.
ModerateCVE-2013-4527SUSE bug 864673SUSE bug 871442SUSE bug 964746CVE-2013-4529SUSE Linux Enterprise Server 12
Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image.
ModerateCVE-2013-4529SUSE bug 864678SUSE bug 871442SUSE bug 964929CVE-2013-4530SUSE Linux Enterprise Server 12
Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image.
ModerateCVE-2013-4530SUSE bug 864682SUSE bug 871442SUSE bug 964950CVE-2013-4531SUSE Linux Enterprise Server 12
Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image.
ModerateCVE-2013-4531SUSE bug 864796SUSE bug 871442CVE-2013-4533SUSE Linux Enterprise Server 12
Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image.
ModerateCVE-2013-4533SUSE bug 864655SUSE bug 871442SUSE bug 964644CVE-2013-4534SUSE Linux Enterprise Server 12
Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.
ModerateCVE-2013-4534SUSE bug 864811SUSE bug 871442SUSE bug 964452CVE-2013-4535SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2013-4535SUSE bug 864665SUSE bug 964676CVE-2013-4536SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2013-4536SUSE bug 864665SUSE bug 871442SUSE bug 964676CVE-2013-4537SUSE Linux Enterprise Server 12
The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.
ModerateCVE-2013-4537SUSE bug 864391SUSE bug 871442SUSE bug 962642CVE-2013-4538SUSE Linux Enterprise Server 12
Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image.
ModerateCVE-2013-4538SUSE bug 864769SUSE bug 871442SUSE bug 962335CVE-2013-4539SUSE Linux Enterprise Server 12
Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image.
ModerateCVE-2013-4539SUSE bug 864805SUSE bug 871442SUSE bug 962758CVE-2013-4540SUSE Linux Enterprise Server 12
Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.
ModerateCVE-2013-4540SUSE bug 864801SUSE bug 871442SUSE bug 880751CVE-2013-4541SUSE Linux Enterprise Server 12
The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.
ModerateCVE-2013-4541SUSE bug 864802SUSE bug 871442CVE-2013-4542SUSE Linux Enterprise Server 12
The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access.
ModerateCVE-2013-4542SUSE bug 864804SUSE bug 871442CVE-2013-4544SUSE Linux Enterprise Server 12
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.
ModerateCVE-2013-4544SUSE bug 873613CVE-2013-4545SUSE Linux Enterprise Server 12
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
ModerateCVE-2013-4545SUSE bug 849596SUSE bug 870444SUSE bug 880252SUSE bug 882520SUSE bug 924250CVE-2013-4549SUSE Linux Enterprise Server 12
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
ModerateCVE-2013-4549SUSE bug 1039291SUSE bug 856832CVE-2013-4551SUSE Linux Enterprise Server 12
Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution."
ModerateCVE-2013-4551SUSE bug 848657SUSE bug 849665CVE-2013-4553SUSE Linux Enterprise Server 12
The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).
ModerateCVE-2013-4553SUSE bug 848657SUSE bug 849667SUSE bug 849668CVE-2013-4554SUSE Linux Enterprise Server 12
Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.
ModerateCVE-2013-4554SUSE bug 848657SUSE bug 849668CVE-2013-4566SUSE Linux Enterprise Server 12
mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
ModerateCVE-2013-4566SUSE bug 853039CVE-2013-4587SUSE Linux Enterprise Server 12
Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.
ImportantCVE-2013-4587SUSE bug 853050SUSE bug 882914CVE-2013-4758SUSE Linux Enterprise Server 12
Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.
ModerateCVE-2013-4758SUSE bug 828140CVE-2013-4854SUSE Linux Enterprise Server 12
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
ModerateCVE-2013-4854SUSE bug 831899CVE-2013-4920SUSE Linux Enterprise Server 12
The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-4920SUSE bug 831718CVE-2013-4921SUSE Linux Enterprise Server 12
Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-4921SUSE bug 831718CVE-2013-4922SUSE Linux Enterprise Server 12
Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-4922SUSE bug 831718CVE-2013-4923SUSE Linux Enterprise Server 12
Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.
ModerateCVE-2013-4923SUSE bug 831718CVE-2013-4924SUSE Linux Enterprise Server 12
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
ModerateCVE-2013-4924SUSE bug 831718CVE-2013-4925SUSE Linux Enterprise Server 12
Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet.
ModerateCVE-2013-4925SUSE bug 831718CVE-2013-4926SUSE Linux Enterprise Server 12
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-4926SUSE bug 831718CVE-2013-4927SUSE Linux Enterprise Server 12
Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
ModerateCVE-2013-4927SUSE bug 831718CVE-2013-4928SUSE Linux Enterprise Server 12
Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
ModerateCVE-2013-4928SUSE bug 831718CVE-2013-4929SUSE Linux Enterprise Server 12
The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet.
ModerateCVE-2013-4929SUSE bug 831718CVE-2013-4930SUSE Linux Enterprise Server 12
The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
ModerateCVE-2013-4930SUSE bug 831718CVE-2013-4931SUSE Linux Enterprise Server 12
epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector.
ModerateCVE-2013-4931SUSE bug 831718CVE-2013-4932SUSE Linux Enterprise Server 12
Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-4932SUSE bug 831718CVE-2013-4933SUSE Linux Enterprise Server 12
The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file.
ModerateCVE-2013-4933SUSE bug 831718CVE-2013-4934SUSE Linux Enterprise Server 12
The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file.
ModerateCVE-2013-4934SUSE bug 831718CVE-2013-4935SUSE Linux Enterprise Server 12
The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-4935SUSE bug 831718CVE-2013-4936SUSE Linux Enterprise Server 12
The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
ModerateCVE-2013-4936SUSE bug 831718CVE-2013-5018SUSE Linux Enterprise Server 12
The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.
ModerateCVE-2013-5018SUSE bug 833278CVE-2013-5211SUSE Linux Enterprise Server 12
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
ModerateCVE-2013-5211SUSE bug 857195SUSE bug 889447SUSE bug 959243CVE-2013-5590SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-5590SUSE bug 847708CVE-2013-5591SUSE Linux Enterprise Server 12
Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-5591SUSE bug 847708CVE-2013-5592SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-5592SUSE bug 847708CVE-2013-5593SUSE Linux Enterprise Server 12
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element.
ImportantCVE-2013-5593SUSE bug 847708CVE-2013-5595SUSE Linux Enterprise Server 12
The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page.
ImportantCVE-2013-5595SUSE bug 847708CVE-2013-5596SUSE Linux Enterprise Server 12
The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com.
ImportantCVE-2013-5596SUSE bug 847708CVE-2013-5597SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache.
ImportantCVE-2013-5597SUSE bug 847708CVE-2013-5598SUSE Linux Enterprise Server 12
PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.
ImportantCVE-2013-5598SUSE bug 847708CVE-2013-5599SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event.
ImportantCVE-2013-5599SUSE bug 847708CVE-2013-5600SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL.
ImportantCVE-2013-5600SUSE bug 847708CVE-2013-5601SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API.
ImportantCVE-2013-5601SUSE bug 847708CVE-2013-5602SUSE Linux Enterprise Server 12
The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies.
ImportantCVE-2013-5602SUSE bug 847708CVE-2013-5603SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates.
ImportantCVE-2013-5603SUSE bug 847708CVE-2013-5604SUSE Linux Enterprise Server 12
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents.
ImportantCVE-2013-5604SUSE bug 847708CVE-2013-5605SUSE Linux Enterprise Server 12
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
ModerateCVE-2013-5605SUSE bug 850148CVE-2013-5609SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2013-5609SUSE bug 854370CVE-2013-5610SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2013-5610SUSE bug 854370CVE-2013-5611SUSE Linux Enterprise Server 12
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.
ModerateCVE-2013-5611SUSE bug 854370CVE-2013-5612SUSE Linux Enterprise Server 12
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.
ModerateCVE-2013-5612SUSE bug 854370CVE-2013-5613SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.
ModerateCVE-2013-5613SUSE bug 854370CVE-2013-5614SUSE Linux Enterprise Server 12
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.
ModerateCVE-2013-5614SUSE bug 854370CVE-2013-5615SUSE Linux Enterprise Server 12
The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.
ModerateCVE-2013-5615SUSE bug 854370CVE-2013-5616SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
ModerateCVE-2013-5616SUSE bug 854370CVE-2013-5618SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.
ModerateCVE-2013-5618SUSE bug 854370CVE-2013-5619SUSE Linux Enterprise Server 12
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
ModerateCVE-2013-5619SUSE bug 854370CVE-2013-5704SUSE Linux Enterprise Server 12
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
LowCVE-2013-5704SUSE bug 871310SUSE bug 914535SUSE bug 915666SUSE bug 930944SUSE bug 938728CVE-2013-5717SUSE Linux Enterprise Server 12
The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c.
ModerateCVE-2013-5717SUSE bug 839607CVE-2013-5718SUSE Linux Enterprise Server 12
The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-5718SUSE bug 839607CVE-2013-5719SUSE Linux Enterprise Server 12
epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
ModerateCVE-2013-5719SUSE bug 839607CVE-2013-5720SUSE Linux Enterprise Server 12
Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-5720SUSE bug 839607CVE-2013-5721SUSE Linux Enterprise Server 12
The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-5721SUSE bug 839607CVE-2013-5722SUSE Linux Enterprise Server 12
Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-5722SUSE bug 839607CVE-2013-5772SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.
ModerateCVE-2013-5772SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5774SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
ImportantCVE-2013-5774SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5778SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
ModerateCVE-2013-5778SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5780SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
ModerateCVE-2013-5780SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5782SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ImportantCVE-2013-5782SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5783SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing.
ModerateCVE-2013-5783SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5784SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.
ModerateCVE-2013-5784SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5790SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
ImportantCVE-2013-5790SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5797SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
LowCVE-2013-5797SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5800SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.
ModerateCVE-2013-5800SUSE bug 846177SUSE bug 846999SUSE bug 849212CVE-2013-5802SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.
ModerateCVE-2013-5802SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5803SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.
ImportantCVE-2013-5803SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5804SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.
ModerateCVE-2013-5804SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5805SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5806.
ModerateCVE-2013-5805SUSE bug 846177SUSE bug 846999CVE-2013-5806SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5805.
ModerateCVE-2013-5806SUSE bug 846177SUSE bug 846999CVE-2013-5809SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5829.
ImportantCVE-2013-5809SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5814SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
ImportantCVE-2013-5814SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5817SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.
ImportantCVE-2013-5817SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5820SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.
ModerateCVE-2013-5820SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5823SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
ImportantCVE-2013-5823SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5825SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.
ModerateCVE-2013-5825SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5829SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809.
ImportantCVE-2013-5829SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5830SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ImportantCVE-2013-5830SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5840SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
ModerateCVE-2013-5840SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5842SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.
ModerateCVE-2013-5842SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5849SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
ModerateCVE-2013-5849SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5850SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842.
ImportantCVE-2013-5850SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5851SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
ModerateCVE-2013-5851SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367CVE-2013-5878SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox.
ModerateCVE-2013-5878SUSE bug 858818SUSE bug 862064CVE-2013-5884SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an incorrect check for code permissions by CORBA stub factories.
ModerateCVE-2013-5884SUSE bug 858818SUSE bug 862064CVE-2013-5893SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to improper handling of methods in MethodHandles in HotSpot JVM, which allows attackers to escape the sandbox.
ModerateCVE-2013-5893SUSE bug 858818CVE-2013-5896SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that com.sun.corba.se and its sub-packages are not included on the restricted package list.
ModerateCVE-2013-5896SUSE bug 858818SUSE bug 862064CVE-2013-5907SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file.
ModerateCVE-2013-5907SUSE bug 858818SUSE bug 862064CVE-2013-5910SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays.
ModerateCVE-2013-5910SUSE bug 858818SUSE bug 862064CVE-2013-6075SUSE Linux Enterprise Server 12
The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.
ImportantCVE-2013-6075SUSE bug 847506CVE-2013-6076SUSE Linux Enterprise Server 12
strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet.
ImportantCVE-2013-6076SUSE bug 847509CVE-2013-6336SUSE Linux Enterprise Server 12
The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-6336CVE-2013-6337SUSE Linux Enterprise Server 12
Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-6337SUSE bug 848738CVE-2013-6338SUSE Linux Enterprise Server 12
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-6338CVE-2013-6339SUSE Linux Enterprise Server 12
The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet.
ModerateCVE-2013-6339CVE-2013-6340SUSE Linux Enterprise Server 12
epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-6340CVE-2013-6367SUSE Linux Enterprise Server 12
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
ModerateCVE-2013-6367SUSE bug 853051CVE-2013-6368SUSE Linux Enterprise Server 12
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
ModerateCVE-2013-6368SUSE bug 853052CVE-2013-6369SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file.
ModerateCVE-2013-6369SUSE bug 870855CVE-2013-6370SUSE Linux Enterprise Server 12
Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.
ModerateCVE-2013-6370SUSE bug 870147CVE-2013-6371SUSE Linux Enterprise Server 12
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
ModerateCVE-2013-6371SUSE bug 870147CVE-2013-6376SUSE Linux Enterprise Server 12
The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.
ModerateCVE-2013-6376SUSE bug 853053CVE-2013-6393SUSE Linux Enterprise Server 12
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
ModerateCVE-2013-6393SUSE bug 860617SUSE bug 911782CVE-2013-6399SUSE Linux Enterprise Server 12
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.
ModerateCVE-2013-6399SUSE bug 864814SUSE bug 871442SUSE bug 964643CVE-2013-6402SUSE Linux Enterprise Server 12
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
ModerateCVE-2013-6402SUSE bug 852368CVE-2013-6405SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7281. Reason: This candidate is a duplicate of CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, and CVE-2013-7281. Notes: All CVE users should reference CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, and/or CVE-2013-7281 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
LowCVE-2013-6405SUSE bug 853040SUSE bug 854722SUSE bug 857643CVE-2013-6418SUSE Linux Enterprise Server 12
PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.
ModerateCVE-2013-6418SUSE bug 856323CVE-2013-6424SUSE Linux Enterprise Server 12
Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
ModerateCVE-2013-6424SUSE bug 853846CVE-2013-6427SUSE Linux Enterprise Server 12
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.
ModerateCVE-2013-6427SUSE bug 852368SUSE bug 853405SUSE bug 900460SUSE bug 933191CVE-2013-6435SUSE Linux Enterprise Server 12
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
ImportantCVE-2013-6435SUSE bug 1101137SUSE bug 906803SUSE bug 908128CVE-2013-6436SUSE Linux Enterprise Server 12
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command.
ModerateCVE-2013-6436SUSE bug 854486CVE-2013-6438SUSE Linux Enterprise Server 12
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
ModerateCVE-2013-6438SUSE bug 869105SUSE bug 869106SUSE bug 887765CVE-2013-6442SUSE Linux Enterprise Server 12
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.
ModerateCVE-2013-6442SUSE bug 855866CVE-2013-6449SUSE Linux Enterprise Server 12
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
ModerateCVE-2013-6449SUSE bug 856687CVE-2013-6450SUSE Linux Enterprise Server 12
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.
ModerateCVE-2013-6450SUSE bug 857203SUSE bug 861384SUSE bug 986238CVE-2013-6457SUSE Linux Enterprise Server 12
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.
ModerateCVE-2013-6457SUSE bug 858824CVE-2013-6458SUSE Linux Enterprise Server 12
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.
ModerateCVE-2013-6458SUSE bug 857492CVE-2013-6462SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
ModerateCVE-2013-6462SUSE bug 854915SUSE bug 882908CVE-2013-6473SUSE Linux Enterprise Server 12
Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.
ModerateCVE-2013-6473SUSE bug 866302CVE-2013-6474SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
ModerateCVE-2013-6474SUSE bug 866302CVE-2013-6475SUSE Linux Enterprise Server 12
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.
ModerateCVE-2013-6475SUSE bug 866302CVE-2013-6476SUSE Linux Enterprise Server 12
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
ModerateCVE-2013-6476SUSE bug 866302CVE-2013-6497SUSE Linux Enterprise Server 12
clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.
ModerateCVE-2013-6497SUSE bug 1040662SUSE bug 906077CVE-2013-6629SUSE Linux Enterprise Server 12
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
ModerateCVE-2013-6629SUSE bug 850430SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2013-6630SUSE Linux Enterprise Server 12
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
ModerateCVE-2013-6630SUSE bug 850430CVE-2013-6671SUSE Linux Enterprise Server 12
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.
ModerateCVE-2013-6671SUSE bug 854370CVE-2013-6672SUSE Linux Enterprise Server 12
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.
ModerateCVE-2013-6672SUSE bug 854370CVE-2013-6673SUSE Linux Enterprise Server 12
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
ModerateCVE-2013-6673SUSE bug 854370CVE-2013-6954SUSE Linux Enterprise Server 12
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
ModerateCVE-2013-6954SUSE bug 856522SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2013-7112SUSE Linux Enterprise Server 12
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
ImportantCVE-2013-7112SUSE bug 856498CVE-2013-7113SUSE Linux Enterprise Server 12
epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2013-7113SUSE bug 856495CVE-2013-7114SUSE Linux Enterprise Server 12
Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet.
ImportantCVE-2013-7114SUSE bug 856496CVE-2013-7353SUSE Linux Enterprise Server 12
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.
ModerateCVE-2013-7353SUSE bug 873124CVE-2013-7354SUSE Linux Enterprise Server 12
Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.
ModerateCVE-2013-7354SUSE bug 873123CVE-2013-7423SUSE Linux Enterprise Server 12
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
ModerateCVE-2013-7423SUSE bug 915526CVE-2013-7440SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
ModerateCVE-2013-7440SUSE bug 930189SUSE bug 930207CVE-2013-7446SUSE Linux Enterprise Server 12
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
ModerateCVE-2013-7446SUSE bug 955654SUSE bug 955837CVE-2014-0004SUSE Linux Enterprise Server 12
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.
ModerateCVE-2014-0004SUSE bug 865854CVE-2014-0011SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-0011SUSE bug 869307SUSE bug 900896CVE-2014-0012SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
ModerateCVE-2014-0012SUSE bug 858239CVE-2014-0015SUSE Linux Enterprise Server 12
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
ModerateCVE-2014-0015SUSE bug 858673SUSE bug 868627SUSE bug 880252SUSE bug 882520SUSE bug 927556SUSE bug 962983CVE-2014-0016SUSE Linux Enterprise Server 12
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.
ModerateCVE-2014-0016SUSE bug 866278SUSE bug 866286CVE-2014-0019SUSE Linux Enterprise Server 12
Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.
LowCVE-2014-0019SUSE bug 860991SUSE bug 927161CVE-2014-0028SUSE Linux Enterprise Server 12
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.
ModerateCVE-2014-0028SUSE bug 859051CVE-2014-0050SUSE Linux Enterprise Server 12
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
CriticalCVE-2014-0050SUSE bug 862781CVE-2014-0060SUSE Linux Enterprise Server 12
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
ModerateCVE-2014-0060SUSE bug 864845SUSE bug 864856CVE-2014-0061SUSE Linux Enterprise Server 12
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
ModerateCVE-2014-0061SUSE bug 864846SUSE bug 864856CVE-2014-0062SUSE Linux Enterprise Server 12
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.
ModerateCVE-2014-0062SUSE bug 864847SUSE bug 864856CVE-2014-0063SUSE Linux Enterprise Server 12
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
ModerateCVE-2014-0063SUSE bug 864850SUSE bug 864856CVE-2014-0064SUSE Linux Enterprise Server 12
Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
ModerateCVE-2014-0064SUSE bug 864851SUSE bug 864856SUSE bug 871307CVE-2014-0065SUSE Linux Enterprise Server 12
Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.
ModerateCVE-2014-0065SUSE bug 864852SUSE bug 864856CVE-2014-0066SUSE Linux Enterprise Server 12
The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
ModerateCVE-2014-0066SUSE bug 864853SUSE bug 864856CVE-2014-0067SUSE Linux Enterprise Server 12
The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
LowCVE-2014-0067SUSE bug 864856SUSE bug 872783CVE-2014-00691SUSE Linux Enterprise Server 12
Unknown.
LowCVE-2014-00691CVE-2014-0076SUSE Linux Enterprise Server 12
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
ModerateCVE-2014-0076SUSE bug 869945SUSE bug 880891SUSE bug 883126SUSE bug 905106CVE-2014-0092SUSE Linux Enterprise Server 12
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
ImportantCVE-2014-0092SUSE bug 865804SUSE bug 915878CVE-2014-0098SUSE Linux Enterprise Server 12
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
ModerateCVE-2014-0098SUSE bug 869106SUSE bug 887765CVE-2014-0102SUSE Linux Enterprise Server 12
The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
ModerateCVE-2014-0102SUSE bug 1066001SUSE bug 866842CVE-2014-0105SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."
ModerateCVE-2014-0105SUSE bug 870102CVE-2014-0107SUSE Linux Enterprise Server 12
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
CriticalCVE-2014-0107SUSE bug 870082CVE-2014-0117SUSE Linux Enterprise Server 12
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
ModerateCVE-2014-0117SUSE bug 887767CVE-2014-0118SUSE Linux Enterprise Server 12
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.
ModerateCVE-2014-0118SUSE bug 1078450SUSE bug 1095150SUSE bug 887769CVE-2014-0128SUSE Linux Enterprise Server 12
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
ModerateCVE-2014-0128SUSE bug 867533CVE-2014-0131SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
ModerateCVE-2014-0131SUSE bug 824295SUSE bug 867723SUSE bug 869564SUSE bug 889071CVE-2014-0138SUSE Linux Enterprise Server 12
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
ModerateCVE-2014-0138SUSE bug 868627SUSE bug 880252SUSE bug 882520CVE-2014-0139SUSE Linux Enterprise Server 12
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
ModerateCVE-2014-0139SUSE bug 868629SUSE bug 880252SUSE bug 882520CVE-2014-0142SUSE Linux Enterprise Server 12
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.
ImportantCVE-2014-0142SUSE bug 870439SUSE bug 871442CVE-2014-0143SUSE Linux Enterprise Server 12
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
ImportantCVE-2014-0143SUSE bug 870439SUSE bug 871442CVE-2014-0144SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-0144SUSE bug 870439SUSE bug 871442CVE-2014-0145SUSE Linux Enterprise Server 12
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).
ModerateCVE-2014-0145SUSE bug 870439SUSE bug 871442CVE-2014-0146SUSE Linux Enterprise Server 12
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
ModerateCVE-2014-0146SUSE bug 870439SUSE bug 871442CVE-2014-0147SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-0147SUSE bug 870439SUSE bug 871442CVE-2014-0150SUSE Linux Enterprise Server 12
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
ModerateCVE-2014-0150SUSE bug 873235CVE-2014-0160SUSE Linux Enterprise Server 12
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
ImportantCVE-2014-0160SUSE bug 872299CVE-2014-0172SUSE Linux Enterprise Server 12
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
ModerateCVE-2014-0172SUSE bug 872785CVE-2014-0178SUSE Linux Enterprise Server 12
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.
ModerateCVE-2014-0178SUSE bug 872396CVE-2014-0179SUSE Linux Enterprise Server 12
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.
ModerateCVE-2014-0179SUSE bug 873705CVE-2014-0182SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.
ModerateCVE-2014-0182SUSE bug 874788SUSE bug 964693CVE-2014-0190SUSE Linux Enterprise Server 12
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
LowCVE-2014-0190SUSE bug 875470CVE-2014-0191SUSE Linux Enterprise Server 12
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.
ImportantCVE-2014-0191SUSE bug 1014873SUSE bug 1123919SUSE bug 876652SUSE bug 877506SUSE bug 996079CVE-2014-0195SUSE Linux Enterprise Server 12
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
ModerateCVE-2014-0195SUSE bug 880891SUSE bug 915913CVE-2014-0196SUSE Linux Enterprise Server 12
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
ModerateCVE-2014-0196SUSE bug 871252SUSE bug 875690SUSE bug 876463SUSE bug 877345SUSE bug 879878SUSE bug 933423CVE-2014-0198SUSE Linux Enterprise Server 12
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
ModerateCVE-2014-0198SUSE bug 876282SUSE bug 880891SUSE bug 915913CVE-2014-0209SUSE Linux Enterprise Server 12
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
ModerateCVE-2014-0209SUSE bug 857544CVE-2014-0210SUSE Linux Enterprise Server 12
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.
ModerateCVE-2014-0210SUSE bug 857544CVE-2014-0211SUSE Linux Enterprise Server 12
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
ModerateCVE-2014-0211SUSE bug 857544CVE-2014-0221SUSE Linux Enterprise Server 12
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
ModerateCVE-2014-0221SUSE bug 880891SUSE bug 883126SUSE bug 905106SUSE bug 915913CVE-2014-0222SUSE Linux Enterprise Server 12
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
ModerateCVE-2014-0222SUSE bug 877642SUSE bug 950367SUSE bug 964925CVE-2014-0223SUSE Linux Enterprise Server 12
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.
ModerateCVE-2014-0223SUSE bug 877645CVE-2014-0224SUSE Linux Enterprise Server 12
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
ImportantCVE-2014-0224SUSE bug 1146657SUSE bug 880891SUSE bug 883126SUSE bug 885777SUSE bug 892403SUSE bug 901237SUSE bug 905018SUSE bug 905106SUSE bug 914447SUSE bug 915913SUSE bug 916239CVE-2014-0226SUSE Linux Enterprise Server 12
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
ModerateCVE-2014-0226SUSE bug 887765CVE-2014-0231SUSE Linux Enterprise Server 12
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
ModerateCVE-2014-0231SUSE bug 887768CVE-2014-0239SUSE Linux Enterprise Server 12
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
ModerateCVE-2014-0239SUSE bug 878642CVE-2014-0244SUSE Linux Enterprise Server 12
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
ModerateCVE-2014-0244SUSE bug 880962SUSE bug 883758CVE-2014-0333SUSE Linux Enterprise Server 12
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.
ModerateCVE-2014-0333SUSE bug 866298CVE-2014-0368SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox.
ModerateCVE-2014-0368SUSE bug 858818SUSE bug 862064CVE-2014-0373SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox.
ModerateCVE-2014-0373SUSE bug 858818SUSE bug 862064CVE-2014-0376SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories."
ModerateCVE-2014-0376SUSE bug 858818SUSE bug 862064CVE-2014-0408SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
ImportantCVE-2014-0408SUSE bug 858818CVE-2014-0411SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.
ModerateCVE-2014-0411SUSE bug 858818SUSE bug 862064CVE-2014-0416SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.
ModerateCVE-2014-0416SUSE bug 858818SUSE bug 862064CVE-2014-0422SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox.
ModerateCVE-2014-0422SUSE bug 858818SUSE bug 862064CVE-2014-0423SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.
ModerateCVE-2014-0423SUSE bug 858818SUSE bug 862064CVE-2014-0428SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
ModerateCVE-2014-0428SUSE bug 858818SUSE bug 862064SUSE bug 877429SUSE bug 877430CVE-2014-0429SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ModerateCVE-2014-0429SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-0446SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ModerateCVE-2014-0446SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-0451SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
ModerateCVE-2014-0451SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-0452SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
ModerateCVE-2014-0452SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-0453SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
ModerateCVE-2014-0453SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-0454SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
ModerateCVE-2014-0454SUSE bug 873873SUSE bug 877429CVE-2014-0455SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.
ImportantCVE-2014-0455SUSE bug 873873SUSE bug 877429CVE-2014-0456SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
ImportantCVE-2014-0456SUSE bug 873872SUSE bug 873873CVE-2014-0457SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ImportantCVE-2014-0457SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-0458SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
ModerateCVE-2014-0458SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-0459SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
ModerateCVE-2014-0459SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-0460SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
ModerateCVE-2014-0460SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-0461SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ImportantCVE-2014-0461SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-0467SUSE Linux Enterprise Server 12
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.
ModerateCVE-2014-0467SUSE bug 868115CVE-2014-0475SUSE Linux Enterprise Server 12
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
ModerateCVE-2014-0475SUSE bug 887022SUSE bug 896776SUSE bug 916222CVE-2014-0591SUSE Linux Enterprise Server 12
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.
ModerateCVE-2014-0591SUSE bug 858639CVE-2014-1344SUSE Linux Enterprise Server 12
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
ModerateCVE-2014-1344SUSE bug 879607CVE-2014-1384SUSE Linux Enterprise Server 12
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
ModerateCVE-2014-1384SUSE bug 892084CVE-2014-1385SUSE Linux Enterprise Server 12
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
ModerateCVE-2014-1385SUSE bug 892084CVE-2014-1386SUSE Linux Enterprise Server 12
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
ModerateCVE-2014-1386SUSE bug 892084CVE-2014-1387SUSE Linux Enterprise Server 12
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
ModerateCVE-2014-1387SUSE bug 892084CVE-2014-1388SUSE Linux Enterprise Server 12
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
ModerateCVE-2014-1388SUSE bug 892084CVE-2014-1389SUSE Linux Enterprise Server 12
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
ModerateCVE-2014-1389SUSE bug 892084CVE-2014-1390SUSE Linux Enterprise Server 12
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
ModerateCVE-2014-1390SUSE bug 892084CVE-2014-1447SUSE Linux Enterprise Server 12
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
ModerateCVE-2014-1447SUSE bug 858817CVE-2014-1477SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2014-1477SUSE bug 861847SUSE bug 862345CVE-2014-1478SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.
ModerateCVE-2014-1478SUSE bug 861847CVE-2014-1479SUSE Linux Enterprise Server 12
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.
ModerateCVE-2014-1479SUSE bug 861847SUSE bug 862348CVE-2014-1480SUSE Linux Enterprise Server 12
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.
ModerateCVE-2014-1480SUSE bug 861847CVE-2014-1481SUSE Linux Enterprise Server 12
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.
ModerateCVE-2014-1481SUSE bug 861847SUSE bug 862309CVE-2014-1482SUSE Linux Enterprise Server 12
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.
ImportantCVE-2014-1482SUSE bug 861847SUSE bug 862356CVE-2014-1483SUSE Linux Enterprise Server 12
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.
ModerateCVE-2014-1483SUSE bug 861847SUSE bug 862360CVE-2014-1484SUSE Linux Enterprise Server 12
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.
ModerateCVE-2014-1484SUSE bug 861847CVE-2014-1485SUSE Linux Enterprise Server 12
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
ModerateCVE-2014-1485SUSE bug 861847CVE-2014-1486SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
ImportantCVE-2014-1486SUSE bug 861847CVE-2014-1487SUSE Linux Enterprise Server 12
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.
ModerateCVE-2014-1487SUSE bug 861847CVE-2014-1488SUSE Linux Enterprise Server 12
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.
ImportantCVE-2014-1488SUSE bug 861847CVE-2014-1489SUSE Linux Enterprise Server 12
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.
ModerateCVE-2014-1489SUSE bug 861847CVE-2014-1490SUSE Linux Enterprise Server 12
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
ModerateCVE-2014-1490SUSE bug 861847SUSE bug 862300CVE-2014-1491SUSE Linux Enterprise Server 12
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
ModerateCVE-2014-1491SUSE bug 861847SUSE bug 862289CVE-2014-1492SUSE Linux Enterprise Server 12
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
ModerateCVE-2014-1492SUSE bug 869827SUSE bug 926974CVE-2014-1544SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.
ModerateCVE-2014-1544SUSE bug 887746CVE-2014-1545SUSE Linux Enterprise Server 12
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.
ModerateCVE-2014-1545CVE-2014-1547SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2014-1547CVE-2014-1548SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2014-1548SUSE bug 887746CVE-2014-1553SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2014-1553SUSE bug 894370CVE-2014-1554SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2014-1554SUSE bug 894370CVE-2014-1555SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.
ModerateCVE-2014-1555SUSE bug 887746CVE-2014-1556SUSE Linux Enterprise Server 12
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.
ModerateCVE-2014-1556SUSE bug 887746CVE-2014-1557SUSE Linux Enterprise Server 12
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.
ModerateCVE-2014-1557SUSE bug 887746CVE-2014-1562SUSE Linux Enterprise Server 12
Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2014-1562SUSE bug 894370CVE-2014-1563SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.
ModerateCVE-2014-1563SUSE bug 894370CVE-2014-1564SUSE Linux Enterprise Server 12
Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.
ModerateCVE-2014-1564SUSE bug 894370CVE-2014-1565SUSE Linux Enterprise Server 12
The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted API calls.
ModerateCVE-2014-1565SUSE bug 894370CVE-2014-1567SUSE Linux Enterprise Server 12
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.
ImportantCVE-2014-1567SUSE bug 894370CVE-2014-1568SUSE Linux Enterprise Server 12
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
ModerateCVE-2014-1568SUSE bug 1107874SUSE bug 897890CVE-2014-1569SUSE Linux Enterprise Server 12
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00.
ModerateCVE-2014-1569SUSE bug 910647SUSE bug 913096SUSE bug 917597CVE-2014-1574SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2014-1574SUSE bug 900941CVE-2014-1575SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors.
ModerateCVE-2014-1575SUSE bug 900941CVE-2014-1576SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style.
ModerateCVE-2014-1576SUSE bug 900941CVE-2014-1577SUSE Linux Enterprise Server 12
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.
ModerateCVE-2014-1577SUSE bug 900941CVE-2014-1578SUSE Linux Enterprise Server 12
The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.
ModerateCVE-2014-1578SUSE bug 900941CVE-2014-1581SUSE Linux Enterprise Server 12
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.
ModerateCVE-2014-1581SUSE bug 900941CVE-2014-1583SUSE Linux Enterprise Server 12
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.
ModerateCVE-2014-1583SUSE bug 900941CVE-2014-1585SUSE Linux Enterprise Server 12
The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming.
ModerateCVE-2014-1585SUSE bug 900941CVE-2014-1586SUSE Linux Enterprise Server 12
content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away.
ModerateCVE-2014-1586SUSE bug 900941CVE-2014-1587SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2014-1587SUSE bug 908009CVE-2014-1588SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2014-1588SUSE bug 908009CVE-2014-1590SUSE Linux Enterprise Server 12
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.
ModerateCVE-2014-1590SUSE bug 908009CVE-2014-1592SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.
ImportantCVE-2014-1592SUSE bug 908009CVE-2014-1593SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.
ImportantCVE-2014-1593SUSE bug 908009CVE-2014-1594SUSE Linux Enterprise Server 12
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.
ModerateCVE-2014-1594SUSE bug 908009CVE-2014-1595SUSE Linux Enterprise Server 12
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information.
ModerateCVE-2014-1595SUSE bug 908009CVE-2014-1829SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
LowCVE-2014-1829SUSE bug 897658CVE-2014-1830SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
LowCVE-2014-1830SUSE bug 897658CVE-2014-1876SUSE Linux Enterprise Server 12
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
ModerateCVE-2014-1876SUSE bug 863305SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-1912SUSE Linux Enterprise Server 12
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
ImportantCVE-2014-1912SUSE bug 1049392SUSE bug 1049422SUSE bug 863741SUSE bug 882915CVE-2014-1932SUSE Linux Enterprise Server 12
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.
ModerateCVE-2014-1932SUSE bug 863541SUSE bug 921566CVE-2014-1959SUSE Linux Enterprise Server 12
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.
ModerateCVE-2014-1959SUSE bug 863989SUSE bug 865993CVE-2014-2015SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
ModerateCVE-2014-2015SUSE bug 864576CVE-2014-2240SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.
ModerateCVE-2014-2240SUSE bug 867620SUSE bug 916867CVE-2014-2241SUSE Linux Enterprise Server 12
The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.
ModerateCVE-2014-2241SUSE bug 867620CVE-2014-2281SUSE Linux Enterprise Server 12
The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.
ModerateCVE-2014-2281SUSE bug 867485CVE-2014-2282SUSE Linux Enterprise Server 12
The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.
ModerateCVE-2014-2282SUSE bug 867485CVE-2014-2283SUSE Linux Enterprise Server 12
epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet.
ModerateCVE-2014-2283SUSE bug 867485CVE-2014-2284SUSE Linux Enterprise Server 12
The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.
ModerateCVE-2014-2284SUSE bug 866942SUSE bug 875217CVE-2014-2285SUSE Linux Enterprise Server 12
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.
ModerateCVE-2014-2285SUSE bug 866942SUSE bug 875217CVE-2014-2299SUSE Linux Enterprise Server 12
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
ModerateCVE-2014-2299SUSE bug 867485CVE-2014-2338SUSE Linux Enterprise Server 12
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.
ModerateCVE-2014-2338SUSE bug 870572CVE-2014-2397SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
ImportantCVE-2014-2397SUSE bug 873872SUSE bug 873873CVE-2014-2398SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
LowCVE-2014-2398SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-2402SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.
ModerateCVE-2014-2402SUSE bug 873873SUSE bug 877429CVE-2014-2403SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
ModerateCVE-2014-2403SUSE bug 873872SUSE bug 873873CVE-2014-2412SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.
ModerateCVE-2014-2412SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-2413SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
ModerateCVE-2014-2413SUSE bug 873873CVE-2014-2414SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
ModerateCVE-2014-2414SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-2421SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ImportantCVE-2014-2421SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-2423SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
ModerateCVE-2014-2423SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-2427SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
ModerateCVE-2014-2427SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430CVE-2014-2483SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."
ModerateCVE-2014-2483SUSE bug 887530CVE-2014-2490SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
ModerateCVE-2014-2490SUSE bug 887530CVE-2014-2494SUSE Linux Enterprise Server 12
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.
ModerateCVE-2014-2494SUSE bug 887580SUSE bug 915914CVE-2014-2497SUSE Linux Enterprise Server 12
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
LowCVE-2014-2497SUSE bug 868624CVE-2014-2523SUSE Linux Enterprise Server 12
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
ImportantCVE-2014-2523SUSE bug 868653CVE-2014-2524SUSE Linux Enterprise Server 12
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
LowCVE-2014-2524SUSE bug 868822CVE-2014-2525SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
ModerateCVE-2014-2525SUSE bug 868944SUSE bug 911782CVE-2014-2583SUSE Linux Enterprise Server 12
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.
ModerateCVE-2014-2583SUSE bug 870433CVE-2014-2653SUSE Linux Enterprise Server 12
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
ModerateCVE-2014-2653SUSE bug 1074631SUSE bug 870532SUSE bug 913479SUSE bug 916239CVE-2014-2667SUSE Linux Enterprise Server 12
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
ModerateCVE-2014-2667SUSE bug 871152CVE-2014-2707SUSE Linux Enterprise Server 12
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
ModerateCVE-2014-2707SUSE bug 871327SUSE bug 883543SUSE bug 921753SUSE bug 937018CVE-2014-2855SUSE Linux Enterprise Server 12
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
ModerateCVE-2014-2855SUSE bug 873740CVE-2014-2856SUSE Linux Enterprise Server 12
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.
ModerateCVE-2014-2856SUSE bug 873899CVE-2014-2892SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.
ImportantCVE-2014-2892SUSE bug 874723CVE-2014-2907SUSE Linux Enterprise Server 12
The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2014-2907SUSE bug 874693SUSE bug 874760CVE-2014-2977SUSE Linux Enterprise Server 12
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.
CriticalCVE-2014-2977SUSE bug 878345CVE-2014-2978SUSE Linux Enterprise Server 12
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.
ImportantCVE-2014-2978SUSE bug 878349CVE-2014-3065SUSE Linux Enterprise Server 12
Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.
ModerateCVE-2014-3065SUSE bug 904889SUSE bug 930365CVE-2014-3124SUSE Linux Enterprise Server 12
The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.
ModerateCVE-2014-3124SUSE bug 875668SUSE bug 880751SUSE bug 903970CVE-2014-3158SUSE Linux Enterprise Server 12
Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables."
ModerateCVE-2014-3158SUSE bug 891489SUSE bug 969773CVE-2014-3185SUSE Linux Enterprise Server 12
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.
ModerateCVE-2014-3185SUSE bug 896391CVE-2014-3230SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ImportantCVE-2014-3230SUSE bug 876862CVE-2014-3421SUSE Linux Enterprise Server 12
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
ModerateCVE-2014-3421SUSE bug 876847CVE-2014-3422SUSE Linux Enterprise Server 12
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
ModerateCVE-2014-3422SUSE bug 876847CVE-2014-3423SUSE Linux Enterprise Server 12
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
ModerateCVE-2014-3423SUSE bug 876847CVE-2014-3424SUSE Linux Enterprise Server 12
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
ModerateCVE-2014-3424SUSE bug 876847CVE-2014-3430SUSE Linux Enterprise Server 12
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.
ModerateCVE-2014-3430SUSE bug 877255CVE-2014-3461SUSE Linux Enterprise Server 12
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
ModerateCVE-2014-3461SUSE bug 878541CVE-2014-3466SUSE Linux Enterprise Server 12
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
ModerateCVE-2014-3466SUSE bug 880730CVE-2014-3467SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
ModerateCVE-2014-3467SUSE bug 880737SUSE bug 880910CVE-2014-3468SUSE Linux Enterprise Server 12
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
ModerateCVE-2014-3468SUSE bug 880735SUSE bug 880910CVE-2014-3469SUSE Linux Enterprise Server 12
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
ModerateCVE-2014-3469SUSE bug 880738SUSE bug 880910CVE-2014-3470SUSE Linux Enterprise Server 12
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
ModerateCVE-2014-3470SUSE bug 880891SUSE bug 883126SUSE bug 885777SUSE bug 905106SUSE bug 915913CVE-2014-3477SUSE Linux Enterprise Server 12
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
ModerateCVE-2014-3477SUSE bug 1010769SUSE bug 881137CVE-2014-3493SUSE Linux Enterprise Server 12
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
ModerateCVE-2014-3493SUSE bug 878642SUSE bug 880962SUSE bug 883758CVE-2014-3499SUSE Linux Enterprise Server 12
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.
ImportantCVE-2014-3499SUSE bug 885209CVE-2014-3505SUSE Linux Enterprise Server 12
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.
ImportantCVE-2014-3505SUSE bug 890759SUSE bug 890764SUSE bug 890767SUSE bug 905106CVE-2014-3506SUSE Linux Enterprise Server 12
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.
ImportantCVE-2014-3506SUSE bug 890759SUSE bug 890764SUSE bug 890768SUSE bug 905106CVE-2014-3507SUSE Linux Enterprise Server 12
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
ImportantCVE-2014-3507SUSE bug 890759SUSE bug 890764SUSE bug 890769SUSE bug 905106CVE-2014-3508SUSE Linux Enterprise Server 12
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
ImportantCVE-2014-3508SUSE bug 890759SUSE bug 890764SUSE bug 905106SUSE bug 950708CVE-2014-3509SUSE Linux Enterprise Server 12
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.
ImportantCVE-2014-3509SUSE bug 890759SUSE bug 890766CVE-2014-3510SUSE Linux Enterprise Server 12
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
ImportantCVE-2014-3510SUSE bug 890759SUSE bug 890764SUSE bug 890770SUSE bug 905106CVE-2014-3511SUSE Linux Enterprise Server 12
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.
ImportantCVE-2014-3511SUSE bug 890759SUSE bug 890771CVE-2014-3512SUSE Linux Enterprise Server 12
Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.
ImportantCVE-2014-3512SUSE bug 890759SUSE bug 890772CVE-2014-3513SUSE Linux Enterprise Server 12
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
ModerateCVE-2014-3513SUSE bug 901277SUSE bug 902912SUSE bug 903690SUSE bug 903692CVE-2014-3523SUSE Linux Enterprise Server 12
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.
ImportantCVE-2014-3523CVE-2014-3532SUSE Linux Enterprise Server 12
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
ModerateCVE-2014-3532SUSE bug 885241CVE-2014-3533SUSE Linux Enterprise Server 12
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
ModerateCVE-2014-3533SUSE bug 885241CVE-2014-3534SUSE Linux Enterprise Server 12
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.
ImportantCVE-2014-3534SUSE bug 885460CVE-2014-3537SUSE Linux Enterprise Server 12
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
ModerateCVE-2014-3537SUSE bug 887240CVE-2014-3540SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate is a duplicate of CVE-2014-0114. CVE abstraction content decisions did not require a second ID. Notes: All CVE users should reference CVE-2014-0114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ImportantCVE-2014-3540SUSE bug 885963CVE-2014-3555SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
LowCVE-2014-3555SUSE bug 887348CVE-2014-3560SUSE Linux Enterprise Server 12
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
ImportantCVE-2014-3560SUSE bug 889429CVE-2014-3564SUSE Linux Enterprise Server 12
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."
ModerateCVE-2014-3564SUSE bug 890123CVE-2014-3565SUSE Linux Enterprise Server 12
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
ModerateCVE-2014-3565SUSE bug 894361CVE-2014-3566SUSE Linux Enterprise Server 12
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
ModerateCVE-2014-3566SUSE bug 1011293SUSE bug 1031023SUSE bug 901223SUSE bug 901254SUSE bug 901277SUSE bug 901748SUSE bug 901757SUSE bug 901759SUSE bug 901889SUSE bug 901968SUSE bug 902229SUSE bug 902476SUSE bug 902912SUSE bug 903405SUSE bug 903684SUSE bug 903690SUSE bug 903692SUSE bug 904889SUSE bug 905106SUSE bug 914041CVE-2014-3567SUSE Linux Enterprise Server 12
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
ImportantCVE-2014-3567SUSE bug 877506SUSE bug 901277SUSE bug 902912SUSE bug 903690SUSE bug 903692SUSE bug 905106CVE-2014-3568SUSE Linux Enterprise Server 12
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.
LowCVE-2014-3568SUSE bug 901277SUSE bug 902912SUSE bug 905106SUSE bug 911399SUSE bug 986238CVE-2014-3570SUSE Linux Enterprise Server 12
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
ModerateCVE-2014-3570SUSE bug 912296SUSE bug 920339SUSE bug 927623SUSE bug 937891SUSE bug 944456CVE-2014-3571SUSE Linux Enterprise Server 12
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
ModerateCVE-2014-3571SUSE bug 912294SUSE bug 920339SUSE bug 927623CVE-2014-3572SUSE Linux Enterprise Server 12
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.
ModerateCVE-2014-3572SUSE bug 912015SUSE bug 920339SUSE bug 927623SUSE bug 937891CVE-2014-3581SUSE Linux Enterprise Server 12
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.
LowCVE-2014-3581SUSE bug 899836SUSE bug 914956CVE-2014-3591SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-3591SUSE bug 920057SUSE bug 949135CVE-2014-3610SUSE Linux Enterprise Server 12
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.
ModerateCVE-2014-3610SUSE bug 899192CVE-2014-3611SUSE Linux Enterprise Server 12
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.
ImportantCVE-2014-3611SUSE bug 899192CVE-2014-3613SUSE Linux Enterprise Server 12
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.
ModerateCVE-2014-3613SUSE bug 894575CVE-2014-3615SUSE Linux Enterprise Server 12
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
ModerateCVE-2014-3615SUSE bug 895528SUSE bug 918998CVE-2014-3618SUSE Linux Enterprise Server 12
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
ModerateCVE-2014-3618SUSE bug 1068648SUSE bug 894999SUSE bug 898303CVE-2014-3620SUSE Linux Enterprise Server 12
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
ModerateCVE-2014-3620SUSE bug 894575SUSE bug 895991CVE-2014-3633SUSE Linux Enterprise Server 12
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.
LowCVE-2014-3633SUSE bug 897783CVE-2014-3634SUSE Linux Enterprise Server 12
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.
ImportantCVE-2014-3634SUSE bug 897262SUSE bug 899756CVE-2014-3635SUSE Linux Enterprise Server 12
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.
ModerateCVE-2014-3635SUSE bug 896453CVE-2014-3636SUSE Linux Enterprise Server 12
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
ModerateCVE-2014-3636SUSE bug 896453SUSE bug 904017CVE-2014-3637SUSE Linux Enterprise Server 12
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
ModerateCVE-2014-3637SUSE bug 896453CVE-2014-3638SUSE Linux Enterprise Server 12
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
ModerateCVE-2014-3638SUSE bug 896453SUSE bug 902912SUSE bug 903055SUSE bug 903057CVE-2014-3639SUSE Linux Enterprise Server 12
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
ModerateCVE-2014-3639SUSE bug 896453SUSE bug 902912SUSE bug 903055SUSE bug 903057CVE-2014-3640SUSE Linux Enterprise Server 12
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
CVE-2014-3640SUSE bug 897654SUSE bug 965112CVE-2014-3641SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.
ModerateCVE-2014-3641SUSE bug 899198CVE-2014-3647SUSE Linux Enterprise Server 12
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
ModerateCVE-2014-3647SUSE bug 1013038SUSE bug 1134834SUSE bug 899192CVE-2014-3657SUSE Linux Enterprise Server 12
The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.
ModerateCVE-2014-3657SUSE bug 897783SUSE bug 899484CVE-2014-3660SUSE Linux Enterprise Server 12
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
ModerateCVE-2014-3660SUSE bug 1123919SUSE bug 901546CVE-2014-3673SUSE Linux Enterprise Server 12
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
ImportantCVE-2014-3673SUSE bug 902346SUSE bug 902349SUSE bug 904899CVE-2014-3675SUSE Linux Enterprise Server 12
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
ModerateCVE-2014-3675SUSE bug 889332CVE-2014-3676SUSE Linux Enterprise Server 12
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
ModerateCVE-2014-3676SUSE bug 889332CVE-2014-3677SUSE Linux Enterprise Server 12
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
ModerateCVE-2014-3677SUSE bug 889332CVE-2014-3683SUSE Linux Enterprise Server 12
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
ModerateCVE-2014-3683SUSE bug 897262SUSE bug 899756CVE-2014-3686SUSE Linux Enterprise Server 12
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
ModerateCVE-2014-3686SUSE bug 1063667SUSE bug 900611SUSE bug 915323CVE-2014-3687SUSE Linux Enterprise Server 12
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
ImportantCVE-2014-3687SUSE bug 902349SUSE bug 904899SUSE bug 909208CVE-2014-3689SUSE Linux Enterprise Server 12
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
ModerateCVE-2014-3689SUSE bug 901508SUSE bug 962611CVE-2014-3690SUSE Linux Enterprise Server 12
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.
ModerateCVE-2014-3690SUSE bug 902232CVE-2014-3707SUSE Linux Enterprise Server 12
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
ModerateCVE-2014-3707SUSE bug 901924SUSE bug 951391CVE-2014-3710SUSE Linux Enterprise Server 12
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
ModerateCVE-2014-3710SUSE bug 902367SUSE bug 910252CVE-2014-3917SUSE Linux Enterprise Server 12
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
ModerateCVE-2014-3917SUSE bug 880484CVE-2014-3940SUSE Linux Enterprise Server 12
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.
ModerateCVE-2014-3940SUSE bug 881101CVE-2014-3970SUSE Linux Enterprise Server 12
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.
CVE-2014-3970SUSE bug 881524CVE-2014-4020SUSE Linux Enterprise Server 12
The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2014-4020SUSE bug 882602CVE-2014-4038SUSE Linux Enterprise Server 12
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.
ModerateCVE-2014-4038SUSE bug 882667CVE-2014-4039SUSE Linux Enterprise Server 12
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.
ModerateCVE-2014-4039SUSE bug 882667CVE-2014-4040SUSE Linux Enterprise Server 12
snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
ModerateCVE-2014-4040SUSE bug 883174CVE-2014-4043SUSE Linux Enterprise Server 12
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
ModerateCVE-2014-4043SUSE bug 882600SUSE bug 939797CVE-2014-4171SUSE Linux Enterprise Server 12
mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.
ModerateCVE-2014-4171SUSE bug 883518CVE-2014-4207SUSE Linux Enterprise Server 12
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
ModerateCVE-2014-4207SUSE bug 887580SUSE bug 915914CVE-2014-4209SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.
ModerateCVE-2014-4209SUSE bug 887530SUSE bug 891699SUSE bug 891700SUSE bug 891701CVE-2014-4216SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
ModerateCVE-2014-4216SUSE bug 887530CVE-2014-4218SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.
ModerateCVE-2014-4218SUSE bug 887530SUSE bug 891699SUSE bug 891700SUSE bug 891701CVE-2014-4219SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
ModerateCVE-2014-4219SUSE bug 887530SUSE bug 891699SUSE bug 891700SUSE bug 891701CVE-2014-4221SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
ModerateCVE-2014-4221SUSE bug 887530SUSE bug 891701CVE-2014-4223SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483.
ModerateCVE-2014-4223SUSE bug 887530CVE-2014-4244SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
ModerateCVE-2014-4244SUSE bug 887530SUSE bug 891699SUSE bug 891700SUSE bug 891701CVE-2014-4252SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.
ModerateCVE-2014-4252SUSE bug 887530SUSE bug 891699SUSE bug 891700SUSE bug 891701CVE-2014-4258SUSE Linux Enterprise Server 12
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
ModerateCVE-2014-4258SUSE bug 887580SUSE bug 915914CVE-2014-4260SUSE Linux Enterprise Server 12
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
ModerateCVE-2014-4260SUSE bug 887580SUSE bug 915914CVE-2014-4262SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ModerateCVE-2014-4262SUSE bug 887530SUSE bug 891699SUSE bug 891700SUSE bug 891701CVE-2014-4263SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."
ModerateCVE-2014-4263SUSE bug 887530SUSE bug 891699SUSE bug 891700SUSE bug 891701CVE-2014-4264SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.
ModerateCVE-2014-4264SUSE bug 887530CVE-2014-4266SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.
ModerateCVE-2014-4266SUSE bug 887530SUSE bug 891701CVE-2014-4268SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
ModerateCVE-2014-4268SUSE bug 887530SUSE bug 891699SUSE bug 891700SUSE bug 891701CVE-2014-4274SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.
ModerateCVE-2014-4274SUSE bug 857678SUSE bug 896400SUSE bug 901237SUSE bug 915913CVE-2014-4287SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.
ModerateCVE-2014-4287SUSE bug 901237SUSE bug 915913CVE-2014-4288SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
ModerateCVE-2014-4288SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-4336SUSE Linux Enterprise Server 12
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
ModerateCVE-2014-4336SUSE bug 871327SUSE bug 883543CVE-2014-4337SUSE Linux Enterprise Server 12
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
ModerateCVE-2014-4337SUSE bug 871327SUSE bug 883543CVE-2014-4338SUSE Linux Enterprise Server 12
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.
ModerateCVE-2014-4338SUSE bug 871327SUSE bug 883536CVE-2014-4341SUSE Linux Enterprise Server 12
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
ModerateCVE-2014-4341SUSE bug 770172SUSE bug 886016CVE-2014-4342SUSE Linux Enterprise Server 12
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
ModerateCVE-2014-4342SUSE bug 770172SUSE bug 886016CVE-2014-4343SUSE Linux Enterprise Server 12
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.
ModerateCVE-2014-4343SUSE bug 770172SUSE bug 888697CVE-2014-4344SUSE Linux Enterprise Server 12
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.
ModerateCVE-2014-4344SUSE bug 888697CVE-2014-4345SUSE Linux Enterprise Server 12
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.
ImportantCVE-2014-4345SUSE bug 770172SUSE bug 891082CVE-2014-4607SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-4607SUSE bug 883947CVE-2014-4617SUSE Linux Enterprise Server 12
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
ModerateCVE-2014-4617SUSE bug 884130CVE-2014-4650SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-4650SUSE bug 885882CVE-2014-4652SUSE Linux Enterprise Server 12
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
LowCVE-2014-4652SUSE bug 883795CVE-2014-4653SUSE Linux Enterprise Server 12
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
ModerateCVE-2014-4653SUSE bug 883795CVE-2014-4654SUSE Linux Enterprise Server 12
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.
ModerateCVE-2014-4654SUSE bug 883795CVE-2014-4655SUSE Linux Enterprise Server 12
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.
ModerateCVE-2014-4655SUSE bug 883795CVE-2014-4656SUSE Linux Enterprise Server 12
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.
ModerateCVE-2014-4656SUSE bug 883795CVE-2014-4699SUSE Linux Enterprise Server 12
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
ModerateCVE-2014-4699SUSE bug 885725CVE-2014-4877SUSE Linux Enterprise Server 12
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
ImportantCVE-2014-4877SUSE bug 902709SUSE bug 910180SUSE bug 911056SUSE bug 915835CVE-2014-4910SUSE Linux Enterprise Server 12
Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.
ModerateCVE-2014-4910CVE-2014-4943SUSE Linux Enterprise Server 12
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
ImportantCVE-2014-4943SUSE bug 887082CVE-2014-5029SUSE Linux Enterprise Server 12
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
CVE-2014-5029SUSE bug 887240CVE-2014-5030SUSE Linux Enterprise Server 12
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
CVE-2014-5030SUSE bug 887240CVE-2014-5031SUSE Linux Enterprise Server 12
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
CVE-2014-5031SUSE bug 887240CVE-2014-5044SUSE Linux Enterprise Server 12
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.
ModerateCVE-2014-5044SUSE bug 888791CVE-2014-5045SUSE Linux Enterprise Server 12
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.
ModerateCVE-2014-5045SUSE bug 889060CVE-2014-5077SUSE Linux Enterprise Server 12
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
ImportantCVE-2014-5077SUSE bug 889173CVE-2014-5119SUSE Linux Enterprise Server 12
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
ModerateCVE-2014-5119SUSE bug 892073SUSE bug 903057SUSE bug 916222SUSE bug 920055CVE-2014-5139SUSE Linux Enterprise Server 12
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
ImportantCVE-2014-5139SUSE bug 886831SUSE bug 890759SUSE bug 890765CVE-2014-5146SUSE Linux Enterprise Server 12
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.
ModerateCVE-2014-5146SUSE bug 889526SUSE bug 903970SUSE bug 918998SUSE bug 950367CVE-2014-5149SUSE Linux Enterprise Server 12
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.
ModerateCVE-2014-5149SUSE bug 889526SUSE bug 903970SUSE bug 918998SUSE bug 950367CVE-2014-5161SUSE Linux Enterprise Server 12
The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.
ModerateCVE-2014-5161SUSE bug 889854SUSE bug 889901CVE-2014-5162SUSE Linux Enterprise Server 12
The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet.
ModerateCVE-2014-5162SUSE bug 889854SUSE bug 889901CVE-2014-5163SUSE Linux Enterprise Server 12
The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2014-5163SUSE bug 889854SUSE bug 889906CVE-2014-5164SUSE Linux Enterprise Server 12
The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2014-5164SUSE bug 889854SUSE bug 889900CVE-2014-5165SUSE Linux Enterprise Server 12
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.
ModerateCVE-2014-5165SUSE bug 889854SUSE bug 889899CVE-2014-5206SUSE Linux Enterprise Server 12
The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace.
ModerateCVE-2014-5206SUSE bug 891689CVE-2014-5207SUSE Linux Enterprise Server 12
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
ModerateCVE-2014-5207SUSE bug 891689CVE-2014-5277SUSE Linux Enterprise Server 12
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
ModerateCVE-2014-5277SUSE bug 904165CVE-2014-5282SUSE Linux Enterprise Server 12
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
ImportantCVE-2014-5282SUSE bug 902413CVE-2014-5351SUSE Linux Enterprise Server 12
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
ModerateCVE-2014-5351SUSE bug 897874CVE-2014-5352SUSE Linux Enterprise Server 12
The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.
ModerateCVE-2014-5352SUSE bug 1005509SUSE bug 770172SUSE bug 912002CVE-2014-5353SUSE Linux Enterprise Server 12
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
LowCVE-2014-5353SUSE bug 910457CVE-2014-5354SUSE Linux Enterprise Server 12
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.
LowCVE-2014-5354SUSE bug 910458CVE-2014-5355SUSE Linux Enterprise Server 12
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
ModerateCVE-2014-5355SUSE bug 770172SUSE bug 918595CVE-2014-5461SUSE Linux Enterprise Server 12
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
ModerateCVE-2014-5461SUSE bug 893824CVE-2014-5471SUSE Linux Enterprise Server 12
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.
ModerateCVE-2014-5471SUSE bug 892490CVE-2014-5472SUSE Linux Enterprise Server 12
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.
ModerateCVE-2014-5472SUSE bug 892490CVE-2014-6040SUSE Linux Enterprise Server 12
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
ModerateCVE-2014-6040SUSE bug 894553SUSE bug 903057SUSE bug 916222CVE-2014-6051SUSE Linux Enterprise Server 12
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
ModerateCVE-2014-6051SUSE bug 897031SUSE bug 900896CVE-2014-6052SUSE Linux Enterprise Server 12
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
ModerateCVE-2014-6052SUSE bug 897031CVE-2014-6053SUSE Linux Enterprise Server 12
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
ModerateCVE-2014-6053SUSE bug 897031CVE-2014-6054SUSE Linux Enterprise Server 12
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
ModerateCVE-2014-6054SUSE bug 897031CVE-2014-6055SUSE Linux Enterprise Server 12
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
ModerateCVE-2014-6055SUSE bug 897031CVE-2014-6268SUSE Linux Enterprise Server 12
The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.
ModerateCVE-2014-6268SUSE bug 895804CVE-2014-6269SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.
ModerateCVE-2014-6269SUSE bug 895849CVE-2014-6270SUSE Linux Enterprise Server 12
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
ModerateCVE-2014-6270SUSE bug 895773CVE-2014-6271SUSE Linux Enterprise Server 12
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CriticalCVE-2014-6271SUSE bug 1024628SUSE bug 1130324SUSE bug 870618SUSE bug 896776SUSE bug 898346SUSE bug 898604SUSE bug 898664SUSE bug 898762SUSE bug 898812SUSE bug 898884SUSE bug 900057SUSE bug 900127SUSE bug 900454CVE-2014-6272SUSE Linux Enterprise Server 12
Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.
ModerateCVE-2014-6272SUSE bug 1041410SUSE bug 897243SUSE bug 943011SUSE bug 947373CVE-2014-6407SUSE Linux Enterprise Server 12
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
ModerateCVE-2014-6407SUSE bug 907012CVE-2014-6408SUSE Linux Enterprise Server 12
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.
ModerateCVE-2014-6408SUSE bug 907014CVE-2014-6414SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.
ModerateCVE-2014-6414SUSE bug 896780CVE-2014-6456SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
ModerateCVE-2014-6456SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6457SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
ModerateCVE-2014-6457SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6458SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
ModerateCVE-2014-6458SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6463SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.
ModerateCVE-2014-6463SUSE bug 901237SUSE bug 915913CVE-2014-6464SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
ModerateCVE-2014-6464SUSE bug 901237SUSE bug 915912CVE-2014-6466SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
ModerateCVE-2014-6466SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6469SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.
ModerateCVE-2014-6469SUSE bug 901237SUSE bug 915912CVE-2014-6474SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.
ModerateCVE-2014-6474SUSE bug 901237SUSE bug 915913CVE-2014-6476SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527.
ModerateCVE-2014-6476SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6478SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.
ModerateCVE-2014-6478SUSE bug 901237SUSE bug 915913CVE-2014-6484SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.
ModerateCVE-2014-6484SUSE bug 901237SUSE bug 915913CVE-2014-6489SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.
ModerateCVE-2014-6489SUSE bug 901237SUSE bug 915913CVE-2014-6491SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.
ModerateCVE-2014-6491SUSE bug 901237SUSE bug 915912CVE-2014-6492SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
ModerateCVE-2014-6492SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6493SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
ModerateCVE-2014-6493SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6494SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.
ModerateCVE-2014-6494SUSE bug 901237SUSE bug 915912CVE-2014-6495SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.
ModerateCVE-2014-6495SUSE bug 901237SUSE bug 915913CVE-2014-6496SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.
ModerateCVE-2014-6496SUSE bug 901237SUSE bug 915912CVE-2014-6500SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.
ModerateCVE-2014-6500SUSE bug 901237SUSE bug 915912CVE-2014-6502SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.
ModerateCVE-2014-6502SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6503SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
ModerateCVE-2014-6503SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6504SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot.
ModerateCVE-2014-6504SUSE bug 901239SUSE bug 901242SUSE bug 901246CVE-2014-6505SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.
ModerateCVE-2014-6505SUSE bug 901237SUSE bug 915913CVE-2014-6506SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ModerateCVE-2014-6506SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6507SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
ModerateCVE-2014-6507SUSE bug 901237SUSE bug 915912CVE-2014-6511SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
ModerateCVE-2014-6511SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6512SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.
ModerateCVE-2014-6512SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6513SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
ModerateCVE-2014-6513SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6515SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.
ModerateCVE-2014-6515SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6517SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP.
ModerateCVE-2014-6517SUSE bug 901239SUSE bug 901242SUSE bug 901246CVE-2014-6519SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot.
ModerateCVE-2014-6519SUSE bug 901239SUSE bug 901242SUSE bug 901246CVE-2014-6520SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.
ModerateCVE-2014-6520SUSE bug 901237SUSE bug 915913CVE-2014-6527SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.
ModerateCVE-2014-6527SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6530SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.
ModerateCVE-2014-6530SUSE bug 901237SUSE bug 915913CVE-2014-6531SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
ModerateCVE-2014-6531SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6532SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
ModerateCVE-2014-6532SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6551SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.
ModerateCVE-2014-6551SUSE bug 901237SUSE bug 915913CVE-2014-6555SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
ModerateCVE-2014-6555SUSE bug 901237SUSE bug 915912CVE-2014-6558SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
ModerateCVE-2014-6558SUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889CVE-2014-6559SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.
ModerateCVE-2014-6559SUSE bug 901237SUSE bug 915912CVE-2014-6564SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.
ModerateCVE-2014-6564SUSE bug 901237SUSE bug 915913CVE-2014-6568SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
ModerateCVE-2014-6568SUSE bug 914058SUSE bug 915911CVE-2014-6585SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.
ModerateCVE-2014-6585SUSE bug 914041CVE-2014-6587SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ModerateCVE-2014-6587SUSE bug 914041CVE-2014-6591SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
ModerateCVE-2014-6591SUSE bug 914041CVE-2014-6593SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
ModerateCVE-2014-6593SUSE bug 914041CVE-2014-6601SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
ModerateCVE-2014-6601SUSE bug 914041CVE-2014-7154SUSE Linux Enterprise Server 12
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.
ModerateCVE-2014-7154SUSE bug 880751SUSE bug 895798CVE-2014-7155SUSE Linux Enterprise Server 12
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.
ModerateCVE-2014-7155SUSE bug 880751SUSE bug 895799CVE-2014-7156SUSE Linux Enterprise Server 12
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.
ModerateCVE-2014-7156SUSE bug 880751SUSE bug 895802CVE-2014-7169SUSE Linux Enterprise Server 12
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
ImportantCVE-2014-7169SUSE bug 1024628SUSE bug 1130324SUSE bug 870618SUSE bug 896776SUSE bug 898346SUSE bug 898664SUSE bug 898762SUSE bug 898812SUSE bug 898884SUSE bug 899266SUSE bug 900057SUSE bug 900127SUSE bug 900454SUSE bug 902237SUSE bug 926146CVE-2014-7185SUSE Linux Enterprise Server 12
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
ModerateCVE-2014-7185SUSE bug 898572SUSE bug 913479SUSE bug 955182CVE-2014-7186SUSE Linux Enterprise Server 12
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
ModerateCVE-2014-7186SUSE bug 1024628SUSE bug 898603SUSE bug 898664SUSE bug 898762SUSE bug 898812SUSE bug 898884SUSE bug 900057CVE-2014-7187SUSE Linux Enterprise Server 12
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
ImportantCVE-2014-7187SUSE bug 1024628SUSE bug 898603SUSE bug 898664SUSE bug 898762SUSE bug 898812SUSE bug 898884SUSE bug 900057CVE-2014-7188SUSE Linux Enterprise Server 12
The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.
ImportantCVE-2014-7188SUSE bug 880751SUSE bug 897657SUSE bug 903970CVE-2014-7189SUSE Linux Enterprise Server 12
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.
ModerateCVE-2014-7189SUSE bug 898901CVE-2014-7300SUSE Linux Enterprise Server 12
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
ModerateCVE-2014-7300SUSE bug 900031CVE-2014-7810SUSE Linux Enterprise Server 12
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
ModerateCVE-2014-7810SUSE bug 931442CVE-2014-7815SUSE Linux Enterprise Server 12
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
ModerateCVE-2014-7815SUSE bug 902737SUSE bug 962627CVE-2014-7817SUSE Linux Enterprise Server 12
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
ModerateCVE-2014-7817SUSE bug 906371CVE-2014-7821SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
ModerateCVE-2014-7821SUSE bug 905104CVE-2014-7822SUSE Linux Enterprise Server 12
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
ModerateCVE-2014-7822SUSE bug 915322SUSE bug 915517SUSE bug 939240CVE-2014-7823SUSE Linux Enterprise Server 12
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
LowCVE-2014-7823SUSE bug 904176CVE-2014-7824SUSE Linux Enterprise Server 12
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
ModerateCVE-2014-7824SUSE bug 904017CVE-2014-7826SUSE Linux Enterprise Server 12
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.
LowCVE-2014-7826SUSE bug 904012SUSE bug 904013CVE-2014-7840SUSE Linux Enterprise Server 12
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
ModerateCVE-2014-7840SUSE bug 905097CVE-2014-7841SUSE Linux Enterprise Server 12
The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.
ImportantCVE-2014-7841SUSE bug 904899SUSE bug 905100CVE-2014-7844SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-7844SUSE bug 909208CVE-2014-8080SUSE Linux Enterprise Server 12
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
ModerateCVE-2014-8080SUSE bug 902851CVE-2014-8086SUSE Linux Enterprise Server 12
Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.
ModerateCVE-2014-8086SUSE bug 900881CVE-2014-8090SUSE Linux Enterprise Server 12
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
ModerateCVE-2014-8090SUSE bug 905326CVE-2014-8091SUSE Linux Enterprise Server 12
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.
ModerateCVE-2014-8091SUSE bug 882226SUSE bug 907268CVE-2014-8092SUSE Linux Enterprise Server 12
Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write.
ModerateCVE-2014-8092SUSE bug 1146596SUSE bug 907268SUSE bug 928520CVE-2014-8093SUSE Linux Enterprise Server 12
Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write.
ImportantCVE-2014-8093SUSE bug 907268CVE-2014-8094SUSE Linux Enterprise Server 12
Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.
ModerateCVE-2014-8094SUSE bug 907268CVE-2014-8095SUSE Linux Enterprise Server 12
The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function.
ModerateCVE-2014-8095SUSE bug 907268CVE-2014-8096SUSE Linux Enterprise Server 12
The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value.
ModerateCVE-2014-8096SUSE bug 907268CVE-2014-8097SUSE Linux Enterprise Server 12
The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function.
ModerateCVE-2014-8097SUSE bug 907268CVE-2014-8098SUSE Linux Enterprise Server 12
The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function.
ImportantCVE-2014-8098SUSE bug 907268CVE-2014-8099SUSE Linux Enterprise Server 12
The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function.
ModerateCVE-2014-8099SUSE bug 907268CVE-2014-8100SUSE Linux Enterprise Server 12
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.
ModerateCVE-2014-8100SUSE bug 907268CVE-2014-8101SUSE Linux Enterprise Server 12
The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.
ModerateCVE-2014-8101SUSE bug 907268CVE-2014-8102SUSE Linux Enterprise Server 12
The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.
ModerateCVE-2014-8102SUSE bug 907268CVE-2014-8103SUSE Linux Enterprise Server 12
X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension.
ModerateCVE-2014-8103SUSE bug 907268CVE-2014-8104SUSE Linux Enterprise Server 12
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
ModerateCVE-2014-8104SUSE bug 907764CVE-2014-8106SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
ModerateCVE-2014-8106SUSE bug 1023004SUSE bug 907805CVE-2014-8109SUSE Linux Enterprise Server 12
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.
ModerateCVE-2014-8109SUSE bug 909715CVE-2014-8111SUSE Linux Enterprise Server 12
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
ModerateCVE-2014-8111SUSE bug 927845CVE-2014-8116SUSE Linux Enterprise Server 12
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
ModerateCVE-2014-8116SUSE bug 910252SUSE bug 910253SUSE bug 917152CVE-2014-8117SUSE Linux Enterprise Server 12
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
ModerateCVE-2014-8117SUSE bug 910252SUSE bug 910253SUSE bug 917152CVE-2014-8118SUSE Linux Enterprise Server 12
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
ImportantCVE-2014-8118SUSE bug 1101137SUSE bug 906803SUSE bug 908128CVE-2014-8119SUSE Linux Enterprise Server 12
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
ImportantCVE-2014-8119SUSE bug 925225CVE-2014-8121SUSE Linux Enterprise Server 12
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
ModerateCVE-2014-8121SUSE bug 918187SUSE bug 939211SUSE bug 945779CVE-2014-8127SUSE Linux Enterprise Server 12
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
LowCVE-2014-8127SUSE bug 914890SUSE bug 916925SUSE bug 942690CVE-2014-8128SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-8128SUSE bug 1007276SUSE bug 1017690SUSE bug 1040322SUSE bug 914890SUSE bug 916925SUSE bug 942690SUSE bug 960341SUSE bug 974621SUSE bug 983436CVE-2014-8129SUSE Linux Enterprise Server 12
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
ModerateCVE-2014-8129SUSE bug 914890SUSE bug 916925SUSE bug 942690CVE-2014-8130SUSE Linux Enterprise Server 12
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
LowCVE-2014-8130SUSE bug 914890SUSE bug 916925SUSE bug 942690CVE-2014-8133SUSE Linux Enterprise Server 12
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.
ModerateCVE-2014-8133SUSE bug 817142SUSE bug 906545SUSE bug 907818SUSE bug 909077SUSE bug 923485CVE-2014-8136SUSE Linux Enterprise Server 12
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.
LowCVE-2014-8136SUSE bug 910862CVE-2014-8137SUSE Linux Enterprise Server 12
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
ModerateCVE-2014-8137SUSE bug 909474SUSE bug 909475SUSE bug 911837SUSE bug 968373CVE-2014-8139SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-8139SUSE bug 909214SUSE bug 915880CVE-2014-8140SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-8140SUSE bug 909214SUSE bug 914442SUSE bug 915880CVE-2014-8141SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-8141SUSE bug 909214SUSE bug 915880CVE-2014-8146SUSE Linux Enterprise Server 12
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
ModerateCVE-2014-8146SUSE bug 1066493SUSE bug 910805SUSE bug 927951SUSE bug 929629SUSE bug 959178CVE-2014-8147SUSE Linux Enterprise Server 12
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.
ModerateCVE-2014-8147SUSE bug 1066493SUSE bug 1079317SUSE bug 910805SUSE bug 910806SUSE bug 927951SUSE bug 929629SUSE bug 959178CVE-2014-8150SUSE Linux Enterprise Server 12
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
ModerateCVE-2014-8150SUSE bug 911363SUSE bug 951391CVE-2014-8153SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.
LowCVE-2014-8153SUSE bug 913369CVE-2014-8157SUSE Linux Enterprise Server 12
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
ModerateCVE-2014-8157SUSE bug 911837CVE-2014-8158SUSE Linux Enterprise Server 12
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
ModerateCVE-2014-8158SUSE bug 911837CVE-2014-8159SUSE Linux Enterprise Server 12
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
ModerateCVE-2014-8159SUSE bug 903967SUSE bug 914742SUSE bug 939241CVE-2014-8160SUSE Linux Enterprise Server 12
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.
ModerateCVE-2014-8160SUSE bug 857643SUSE bug 913059CVE-2014-8161SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-8161SUSE bug 916953CVE-2014-8169SUSE Linux Enterprise Server 12
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
ModerateCVE-2014-8169SUSE bug 917977CVE-2014-8240SUSE Linux Enterprise Server 12
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
ModerateCVE-2014-8240SUSE bug 900896CVE-2014-8242SUSE Linux Enterprise Server 12
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.
LowCVE-2014-8242SUSE bug 900914SUSE bug 922710CVE-2014-8275SUSE Linux Enterprise Server 12
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
ModerateCVE-2014-8275SUSE bug 911906SUSE bug 912018SUSE bug 920339SUSE bug 927623SUSE bug 937891CVE-2014-8354SUSE Linux Enterprise Server 12
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
LowCVE-2014-8354SUSE bug 903204SUSE bug 903638CVE-2014-8355SUSE Linux Enterprise Server 12
PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
LowCVE-2014-8355SUSE bug 903216SUSE bug 903638CVE-2014-8484SUSE Linux Enterprise Server 12
The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.
ModerateCVE-2014-8484SUSE bug 902676SUSE bug 902677CVE-2014-8485SUSE Linux Enterprise Server 12
The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.
ModerateCVE-2014-8485SUSE bug 902676CVE-2014-8500SUSE Linux Enterprise Server 12
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
ModerateCVE-2014-8500SUSE bug 908994CVE-2014-8501SUSE Linux Enterprise Server 12
The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
ModerateCVE-2014-8501SUSE bug 903655CVE-2014-8502SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.
ModerateCVE-2014-8502SUSE bug 903655CVE-2014-8503SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.
ModerateCVE-2014-8503SUSE bug 903655CVE-2014-8504SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.
ModerateCVE-2014-8504SUSE bug 903655CVE-2014-8559SUSE Linux Enterprise Server 12
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
ModerateCVE-2014-8559SUSE bug 903640SUSE bug 915517CVE-2014-8562SUSE Linux Enterprise Server 12
DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
ModerateCVE-2014-8562SUSE bug 903638CVE-2014-8564SUSE Linux Enterprise Server 12
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
ModerateCVE-2014-8564SUSE bug 904603CVE-2014-8594SUSE Linux Enterprise Server 12
The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).
ModerateCVE-2014-8594SUSE bug 903967SUSE bug 903970CVE-2014-8595SUSE Linux Enterprise Server 12
arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.
ModerateCVE-2014-8595SUSE bug 903970SUSE bug 907649CVE-2014-8634SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2014-8634SUSE bug 913064SUSE bug 913096CVE-2014-8635SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2014-8635CVE-2014-8638SUSE Linux Enterprise Server 12
The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.
ModerateCVE-2014-8638SUSE bug 913068SUSE bug 913096CVE-2014-8639SUSE Linux Enterprise Server 12
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.
ModerateCVE-2014-8639SUSE bug 913066SUSE bug 913096CVE-2014-8641SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.
ModerateCVE-2014-8641SUSE bug 913067SUSE bug 913096CVE-2014-8716SUSE Linux Enterprise Server 12
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
ModerateCVE-2014-8716SUSE bug 905260CVE-2014-8737SUSE Linux Enterprise Server 12
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
ModerateCVE-2014-8737SUSE bug 905736SUSE bug 912408CVE-2014-8738SUSE Linux Enterprise Server 12
The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.
ModerateCVE-2014-8738SUSE bug 905735CVE-2014-8767SUSE Linux Enterprise Server 12
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.
LowCVE-2014-8767SUSE bug 905870SUSE bug 905871CVE-2014-8768SUSE Linux Enterprise Server 12
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.
LowCVE-2014-8768SUSE bug 905871CVE-2014-8769SUSE Linux Enterprise Server 12
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.
LowCVE-2014-8769SUSE bug 905871SUSE bug 905872CVE-2014-8866SUSE Linux Enterprise Server 12
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.
ModerateCVE-2014-8866SUSE bug 903970SUSE bug 905465CVE-2014-8867SUSE Linux Enterprise Server 12
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.
ModerateCVE-2014-8867SUSE bug 903970SUSE bug 905467CVE-2014-8891SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.
ModerateCVE-2014-8891SUSE bug 916266CVE-2014-8892SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.
ModerateCVE-2014-8892SUSE bug 916265CVE-2014-8962SUSE Linux Enterprise Server 12
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
ModerateCVE-2014-8962SUSE bug 906831SUSE bug 907764CVE-2014-8964SUSE Linux Enterprise Server 12
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
LowCVE-2014-8964SUSE bug 906574SUSE bug 924960SUSE bug 933288SUSE bug 936408SUSE bug 958373CVE-2014-9028SUSE Linux Enterprise Server 12
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
ModerateCVE-2014-9028SUSE bug 907016CVE-2014-9029SUSE Linux Enterprise Server 12
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
ModerateCVE-2014-9029SUSE bug 906364SUSE bug 909474CVE-2014-9030SUSE Linux Enterprise Server 12
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
ModerateCVE-2014-9030SUSE bug 903970SUSE bug 906439CVE-2014-9050SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.
ModerateCVE-2014-9050SUSE bug 1040662SUSE bug 906770CVE-2014-9065SUSE Linux Enterprise Server 12
common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066.
ModerateCVE-2014-9065SUSE bug 906996SUSE bug 918998CVE-2014-9066SUSE Linux Enterprise Server 12
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.
ModerateCVE-2014-9066SUSE bug 906996SUSE bug 918998CVE-2014-9087SUSE Linux Enterprise Server 12
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
ModerateCVE-2014-9087SUSE bug 907074SUSE bug 926826SUSE bug 996084CVE-2014-9090SUSE Linux Enterprise Server 12
The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.
ModerateCVE-2014-9090SUSE bug 817142SUSE bug 907818SUSE bug 909077SUSE bug 910251CVE-2014-9092SUSE Linux Enterprise Server 12
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
ModerateCVE-2014-9092SUSE bug 906761CVE-2014-9112SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
ModerateCVE-2014-9112SUSE bug 907456SUSE bug 913479CVE-2014-9114SUSE Linux Enterprise Server 12
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
ModerateCVE-2014-9114SUSE bug 888678SUSE bug 906725SUSE bug 907434SUSE bug 908742CVE-2014-9116SUSE Linux Enterprise Server 12
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
ModerateCVE-2014-9116SUSE bug 907453CVE-2014-9130SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5SUSE Linux Enterprise Server 12
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
ModerateCVE-2014-9130SUSE bug 907809SUSE bug 911782SUSE bug 921588CVE-2014-9140SUSE Linux Enterprise Server 12
Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.
ModerateCVE-2014-9140SUSE bug 923142CVE-2014-9221SUSE Linux Enterprise Server 12
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
ModerateCVE-2014-9221SUSE bug 910491CVE-2014-9273SUSE Linux Enterprise Server 12
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
LowCVE-2014-9273SUSE bug 908614CVE-2014-9293SUSE Linux Enterprise Server 12
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
ImportantCVE-2014-9293SUSE bug 910764SUSE bug 911792SUSE bug 959243CVE-2014-9294SUSE Linux Enterprise Server 12
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
ImportantCVE-2014-9294SUSE bug 910764SUSE bug 911792SUSE bug 959243CVE-2014-9295SUSE Linux Enterprise Server 12
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
ImportantCVE-2014-9295SUSE bug 883859SUSE bug 910764SUSE bug 911792SUSE bug 912826SUSE bug 916239SUSE bug 959243CVE-2014-9296SUSE Linux Enterprise Server 12
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
ModerateCVE-2014-9296SUSE bug 910764SUSE bug 911792SUSE bug 959243CVE-2014-9297SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2014-9297SUSE bug 911792SUSE bug 948963SUSE bug 959243CVE-2014-9298SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2014-9298SUSE bug 911792SUSE bug 948963SUSE bug 959243CVE-2014-9322SUSE Linux Enterprise Server 12
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
ImportantCVE-2014-9322SUSE bug 817142SUSE bug 910251SUSE bug 923485CVE-2014-9328SUSE Linux Enterprise Server 12
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."
ModerateCVE-2014-9328SUSE bug 1040662SUSE bug 915512CVE-2014-9356SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-9356SUSE bug 909712SUSE bug 909747CVE-2014-9357SUSE Linux Enterprise Server 12
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
ModerateCVE-2014-9357SUSE bug 909710SUSE bug 909747CVE-2014-9358SUSE Linux Enterprise Server 12
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
ImportantCVE-2014-9358SUSE bug 909709SUSE bug 909747CVE-2014-9390SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2014-9390SUSE bug 910756SUSE bug 925040CVE-2014-9402SUSE Linux Enterprise Server 12
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
LowCVE-2014-9402SUSE bug 910599CVE-2014-9419SUSE Linux Enterprise Server 12
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.
LowCVE-2014-9419SUSE bug 911326CVE-2014-9420SUSE Linux Enterprise Server 12
The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.
ModerateCVE-2014-9420SUSE bug 906545SUSE bug 911325CVE-2014-9421SUSE Linux Enterprise Server 12
The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.
ModerateCVE-2014-9421SUSE bug 1005509SUSE bug 770172SUSE bug 912002CVE-2014-9422SUSE Linux Enterprise Server 12
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.
ModerateCVE-2014-9422SUSE bug 1005509SUSE bug 770172SUSE bug 912002CVE-2014-9423SUSE Linux Enterprise Server 12
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.
ModerateCVE-2014-9423SUSE bug 1005509SUSE bug 912002CVE-2014-9447SUSE Linux Enterprise Server 12
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
ModerateCVE-2014-9447SUSE bug 911662SUSE bug 912408CVE-2014-9474SUSE Linux Enterprise Server 12
Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str.
LowCVE-2014-9474SUSE bug 911812CVE-2014-9495SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
ModerateCVE-2014-9495SUSE bug 912076SUSE bug 912929CVE-2014-9496SUSE Linux Enterprise Server 12
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
ModerateCVE-2014-9496SUSE bug 911796CVE-2014-9512SUSE Linux Enterprise Server 12
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
ModerateCVE-2014-9512SUSE bug 915410SUSE bug 960191CVE-2014-9556SUSE Linux Enterprise Server 12
Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.
ModerateCVE-2014-9556SUSE bug 912214SUSE bug 919283SUSE bug 934533CVE-2014-9584SUSE Linux Enterprise Server 12
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
ModerateCVE-2014-9584SUSE bug 912654CVE-2014-9585SUSE Linux Enterprise Server 12
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
ImportantCVE-2014-9585SUSE bug 912705CVE-2014-9622SUSE Linux Enterprise Server 12
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.
ImportantCVE-2014-9622SUSE bug 913676CVE-2014-9636SUSE Linux Enterprise Server 12
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
ModerateCVE-2014-9636SUSE bug 914442SUSE bug 915880CVE-2014-9638SUSE Linux Enterprise Server 12
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
ModerateCVE-2014-9638SUSE bug 914439SUSE bug 914441CVE-2014-9639SUSE Linux Enterprise Server 12
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
ModerateCVE-2014-9639SUSE bug 1081744SUSE bug 914439SUSE bug 914441CVE-2014-9640SUSE Linux Enterprise Server 12
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
ModerateCVE-2014-9640SUSE bug 912214SUSE bug 914938SUSE bug 919283CVE-2014-9645SUSE Linux Enterprise Server 12
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.
ModerateCVE-2014-9645SUSE bug 914423SUSE bug 914660CVE-2014-9654SUSE Linux Enterprise Server 12
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.
CriticalCVE-2014-9654SUSE bug 917129SUSE bug 929629SUSE bug 952260SUSE bug 969781CVE-2014-9655SUSE Linux Enterprise Server 12
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
ModerateCVE-2014-9655SUSE bug 914890SUSE bug 916925SUSE bug 916927CVE-2014-9656SUSE Linux Enterprise Server 12
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.
ModerateCVE-2014-9656SUSE bug 916847CVE-2014-9657SUSE Linux Enterprise Server 12
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
ModerateCVE-2014-9657SUSE bug 916856CVE-2014-9658SUSE Linux Enterprise Server 12
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
ModerateCVE-2014-9658SUSE bug 916857CVE-2014-9659SUSE Linux Enterprise Server 12
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.
ModerateCVE-2014-9659SUSE bug 916867CVE-2014-9660SUSE Linux Enterprise Server 12
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.
ModerateCVE-2014-9660SUSE bug 916858CVE-2014-9661SUSE Linux Enterprise Server 12
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.
ModerateCVE-2014-9661SUSE bug 916859CVE-2014-9662SUSE Linux Enterprise Server 12
cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.
ModerateCVE-2014-9662SUSE bug 916860CVE-2014-9663SUSE Linux Enterprise Server 12
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.
ModerateCVE-2014-9663SUSE bug 916865CVE-2014-9664SUSE Linux Enterprise Server 12
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.
ModerateCVE-2014-9664SUSE bug 916864CVE-2014-9665SUSE Linux Enterprise Server 12
The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file.
ModerateCVE-2014-9665SUSE bug 916863CVE-2014-9666SUSE Linux Enterprise Server 12
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.
ModerateCVE-2014-9666SUSE bug 916862CVE-2014-9667SUSE Linux Enterprise Server 12
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.
ModerateCVE-2014-9667SUSE bug 916861CVE-2014-9668SUSE Linux Enterprise Server 12
The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.
ModerateCVE-2014-9668SUSE bug 916868CVE-2014-9669SUSE Linux Enterprise Server 12
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.
ModerateCVE-2014-9669SUSE bug 916870CVE-2014-9670SUSE Linux Enterprise Server 12
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.
ModerateCVE-2014-9670SUSE bug 916871SUSE bug 933247CVE-2014-9671SUSE Linux Enterprise Server 12
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.
ModerateCVE-2014-9671SUSE bug 916872SUSE bug 933247CVE-2014-9672SUSE Linux Enterprise Server 12
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.
ModerateCVE-2014-9672SUSE bug 916873CVE-2014-9673SUSE Linux Enterprise Server 12
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
ModerateCVE-2014-9673SUSE bug 916874CVE-2014-9674SUSE Linux Enterprise Server 12
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
ModerateCVE-2014-9674SUSE bug 916879CVE-2014-9675SUSE Linux Enterprise Server 12
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
ModerateCVE-2014-9675SUSE bug 916881CVE-2014-9679SUSE Linux Enterprise Server 12
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
ModerateCVE-2014-9679SUSE bug 917799CVE-2014-9687SUSE Linux Enterprise Server 12
eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.
ModerateCVE-2014-9687SUSE bug 920160CVE-2014-9709SUSE Linux Enterprise Server 12
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
ModerateCVE-2014-9709SUSE bug 923945SUSE bug 923946SUSE bug 980366CVE-2014-9717SUSE Linux Enterprise Server 12
fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.
ModerateCVE-2014-9717SUSE bug 928547CVE-2014-9718SUSE Linux Enterprise Server 12
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.
ModerateCVE-2014-9718SUSE bug 928393SUSE bug 964431CVE-2014-9728SUSE Linux Enterprise Server 12
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.
ModerateCVE-2014-9728SUSE bug 911325SUSE bug 933904CVE-2014-9729SUSE Linux Enterprise Server 12
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.
ModerateCVE-2014-9729SUSE bug 911325SUSE bug 933904CVE-2014-9730SUSE Linux Enterprise Server 12
The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.
ModerateCVE-2014-9730SUSE bug 911325SUSE bug 933904CVE-2014-9731SUSE Linux Enterprise Server 12
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c.
ModerateCVE-2014-9731SUSE bug 911325SUSE bug 933896CVE-2014-9732SUSE Linux Enterprise Server 12
The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.
ModerateCVE-2014-9732SUSE bug 934524SUSE bug 934533CVE-2014-9756SUSE Linux Enterprise Server 12
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
ModerateCVE-2014-9756SUSE bug 953516SUSE bug 953519SUSE bug 953521CVE-2014-9761SUSE Linux Enterprise Server 12
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CriticalCVE-2014-9761SUSE bug 962738SUSE bug 986086CVE-2014-9770SUSE Linux Enterprise Server 12
tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.
LowCVE-2014-9770SUSE bug 972612CVE-2015-0138SUSE Linux Enterprise Server 12
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
ModerateCVE-2015-0138SUSE bug 952088CVE-2015-0192SUSE Linux Enterprise Server 12
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
ModerateCVE-2015-0192SUSE bug 952088CVE-2015-0204SUSE Linux Enterprise Server 12
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
ModerateCVE-2015-0204SUSE bug 912014SUSE bug 920339SUSE bug 920482SUSE bug 920484SUSE bug 927591SUSE bug 927623SUSE bug 936787SUSE bug 952088CVE-2015-0205SUSE Linux Enterprise Server 12
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.
ModerateCVE-2015-0205SUSE bug 912293SUSE bug 920339SUSE bug 927623SUSE bug 937891CVE-2015-0206SUSE Linux Enterprise Server 12
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
ModerateCVE-2015-0206SUSE bug 912292SUSE bug 920339SUSE bug 927623SUSE bug 937891CVE-2015-0209SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
ModerateCVE-2015-0209SUSE bug 919648SUSE bug 936586SUSE bug 937891CVE-2015-0210SUSE Linux Enterprise Server 12
wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.
ModerateCVE-2015-0210SUSE bug 915323CVE-2015-0228SUSE Linux Enterprise Server 12
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
ModerateCVE-2015-0228SUSE bug 918352CVE-2015-0236SUSE Linux Enterprise Server 12
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
ModerateCVE-2015-0236SUSE bug 914693CVE-2015-0240SUSE Linux Enterprise Server 12
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
ImportantCVE-2015-0240SUSE bug 917376CVE-2015-0241SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2015-0241SUSE bug 916953CVE-2015-0243SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2015-0243SUSE bug 916953CVE-2015-0244SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2015-0244SUSE bug 916953CVE-2015-0245SUSE Linux Enterprise Server 12
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
ModerateCVE-2015-0245SUSE bug 1003898SUSE bug 916343CVE-2015-0247SUSE Linux Enterprise Server 12
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
ModerateCVE-2015-0247SUSE bug 1123790SUSE bug 915402SUSE bug 918346CVE-2015-0255SUSE Linux Enterprise Server 12
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
ModerateCVE-2015-0255SUSE bug 915810CVE-2015-0259SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.
ModerateCVE-2015-0259SUSE bug 917091CVE-2015-0261SUSE Linux Enterprise Server 12
Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.
ModerateCVE-2015-0261SUSE bug 922220CVE-2015-0272SUSE Linux Enterprise Server 12
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
ModerateCVE-2015-0272SUSE bug 944296SUSE bug 951638SUSE bug 955354CVE-2015-0286SUSE Linux Enterprise Server 12
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.
ModerateCVE-2015-0286SUSE bug 919648SUSE bug 922496SUSE bug 936586SUSE bug 937891SUSE bug 951391CVE-2015-0287SUSE Linux Enterprise Server 12
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
ModerateCVE-2015-0287SUSE bug 919648SUSE bug 922499SUSE bug 936586SUSE bug 937492SUSE bug 937891SUSE bug 940369SUSE bug 968888SUSE bug 991722CVE-2015-0288SUSE Linux Enterprise Server 12
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
ModerateCVE-2015-0288SUSE bug 919648SUSE bug 920236SUSE bug 936586SUSE bug 937891SUSE bug 951391CVE-2015-0289SUSE Linux Enterprise Server 12
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
ModerateCVE-2015-0289SUSE bug 919648SUSE bug 922500SUSE bug 936586SUSE bug 937891CVE-2015-0293SUSE Linux Enterprise Server 12
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
ModerateCVE-2015-0293SUSE bug 919648SUSE bug 922488SUSE bug 936586SUSE bug 968044SUSE bug 968051SUSE bug 968053SUSE bug 986238CVE-2015-0294SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2015-0294SUSE bug 919938CVE-2015-0295SUSE Linux Enterprise Server 12
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
LowCVE-2015-0295SUSE bug 921999SUSE bug 927806SUSE bug 927807SUSE bug 927808SUSE bug 936523CVE-2015-0361SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.
ModerateCVE-2015-0361SUSE bug 910681SUSE bug 918998SUSE bug 950367CVE-2015-0374SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.
ModerateCVE-2015-0374SUSE bug 914058SUSE bug 915911CVE-2015-0381SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.
ModerateCVE-2015-0381SUSE bug 914058SUSE bug 915911CVE-2015-0382SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.
ModerateCVE-2015-0382SUSE bug 914058SUSE bug 915911CVE-2015-0383SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.
ModerateCVE-2015-0383SUSE bug 914041CVE-2015-0391SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
ModerateCVE-2015-0391SUSE bug 914058SUSE bug 915913CVE-2015-0395SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
ModerateCVE-2015-0395SUSE bug 914041CVE-2015-0400SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
ModerateCVE-2015-0400SUSE bug 914041CVE-2015-0407SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
ModerateCVE-2015-0407SUSE bug 914041CVE-2015-0408SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
ModerateCVE-2015-0408SUSE bug 914041CVE-2015-0410SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
ModerateCVE-2015-0410SUSE bug 914041CVE-2015-0411SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
ModerateCVE-2015-0411SUSE bug 914058SUSE bug 915911CVE-2015-0412SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
ModerateCVE-2015-0412SUSE bug 914041CVE-2015-0432SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.
ModerateCVE-2015-0432SUSE bug 914058SUSE bug 915911CVE-2015-0433SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
ModerateCVE-2015-0433SUSE bug 927623SUSE bug 936409CVE-2015-0441SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.
ModerateCVE-2015-0441SUSE bug 927623SUSE bug 936409CVE-2015-0458SUSE Linux Enterprise Server 12
Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
ModerateCVE-2015-0458SUSE bug 927591CVE-2015-0459SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491.
ImportantCVE-2015-0459SUSE bug 927591SUSE bug 932310CVE-2015-0460SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
ModerateCVE-2015-0460SUSE bug 927591CVE-2015-0469SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ImportantCVE-2015-0469SUSE bug 927591SUSE bug 932310CVE-2015-0477SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.
ModerateCVE-2015-0477SUSE bug 927591CVE-2015-0478SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.
LowCVE-2015-0478SUSE bug 927591SUSE bug 944456CVE-2015-0480SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.
ModerateCVE-2015-0480SUSE bug 927591CVE-2015-0484SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492.
ModerateCVE-2015-0484SUSE bug 927591CVE-2015-0488SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.
ModerateCVE-2015-0488SUSE bug 927591CVE-2015-0491SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.
ImportantCVE-2015-0491SUSE bug 927591SUSE bug 932310CVE-2015-0492SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484.
ImportantCVE-2015-0492SUSE bug 927591CVE-2015-0499SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.
ModerateCVE-2015-0499SUSE bug 927623SUSE bug 936408CVE-2015-0501SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.
ModerateCVE-2015-0501SUSE bug 927623SUSE bug 936408CVE-2015-0505SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
ModerateCVE-2015-0505SUSE bug 927623SUSE bug 936408CVE-2015-0559SUSE Linux Enterprise Server 12
Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.
ModerateCVE-2015-0559SUSE bug 912365CVE-2015-0560SUSE Linux Enterprise Server 12
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-0560SUSE bug 912365CVE-2015-0561SUSE Linux Enterprise Server 12
asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
ModerateCVE-2015-0561SUSE bug 912368CVE-2015-0562SUSE Linux Enterprise Server 12
Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.
ModerateCVE-2015-0562SUSE bug 912369CVE-2015-0563SUSE Linux Enterprise Server 12
epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-0563SUSE bug 912370CVE-2015-0564SUSE Linux Enterprise Server 12
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.
ModerateCVE-2015-0564SUSE bug 912372CVE-2015-0777SUSE Linux Enterprise Server 12
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors.
LowCVE-2015-0777SUSE bug 917830CVE-2015-0794SUSE Linux Enterprise Server 12
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.
ImportantCVE-2015-0794SUSE bug 923755SUSE bug 935338SUSE bug 963976CVE-2015-0797SUSE Linux Enterprise Server 12
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.
ImportantCVE-2015-0797SUSE bug 927559SUSE bug 930622CVE-2015-0801SUSE Linux Enterprise Server 12
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.
ModerateCVE-2015-0801SUSE bug 925368SUSE bug 925401CVE-2015-0807SUSE Linux Enterprise Server 12
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.
ModerateCVE-2015-0807SUSE bug 913068SUSE bug 925368SUSE bug 925398CVE-2015-0813SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.
ModerateCVE-2015-0813SUSE bug 925368SUSE bug 925393CVE-2015-0814SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2015-0814SUSE bug 925368SUSE bug 925392CVE-2015-0815SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2015-0815SUSE bug 925368SUSE bug 925392CVE-2015-0816SUSE Linux Enterprise Server 12
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.
ModerateCVE-2015-0816SUSE bug 925368SUSE bug 925395CVE-2015-0817SUSE Linux Enterprise Server 12
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.
ModerateCVE-2015-0817SUSE bug 923495SUSE bug 923534CVE-2015-0818SUSE Linux Enterprise Server 12
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.
ModerateCVE-2015-0818SUSE bug 923495SUSE bug 923534CVE-2015-0822SUSE Linux Enterprise Server 12
The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.
ModerateCVE-2015-0822SUSE bug 910669SUSE bug 917597SUSE bug 923534SUSE bug 924515CVE-2015-0827SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.
ModerateCVE-2015-0827SUSE bug 910669SUSE bug 917597SUSE bug 923534SUSE bug 924515CVE-2015-0831SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.
ImportantCVE-2015-0831SUSE bug 910669SUSE bug 917597SUSE bug 923534SUSE bug 924515CVE-2015-0835SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-0835SUSE bug 910669SUSE bug 917597SUSE bug 924515CVE-2015-0836SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-0836SUSE bug 910669SUSE bug 917597SUSE bug 923534SUSE bug 924515CVE-2015-0837SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2015-0837SUSE bug 920057CVE-2015-0973SUSE Linux Enterprise Server 12
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
ModerateCVE-2015-0973SUSE bug 912929CVE-2015-1038SUSE Linux Enterprise Server 12
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
LowCVE-2015-1038SUSE bug 912878CVE-2015-1158SUSE Linux Enterprise Server 12
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
ImportantCVE-2015-1158SUSE bug 924208SUSE bug 976653CVE-2015-1159SUSE Linux Enterprise Server 12
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
ImportantCVE-2015-1159SUSE bug 924208SUSE bug 976653CVE-2015-1191SUSE Linux Enterprise Server 12
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
ModerateCVE-2015-1191SUSE bug 913627CVE-2015-1196SUSE Linux Enterprise Server 12
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
ModerateCVE-2015-1196SUSE bug 913678SUSE bug 915329CVE-2015-1283SUSE Linux Enterprise Server 12
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
ModerateCVE-2015-1283SUSE bug 1034050SUSE bug 939077SUSE bug 979441SUSE bug 980391SUSE bug 983985CVE-2015-1349SUSE Linux Enterprise Server 12
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.
LowCVE-2015-1349SUSE bug 918330CVE-2015-1395SUSE Linux Enterprise Server 12
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
LowCVE-2015-1395SUSE bug 915328CVE-2015-1396SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
LowCVE-2015-1396SUSE bug 915329CVE-2015-1419SUSE Linux Enterprise Server 12
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
ModerateCVE-2015-1419SUSE bug 900326SUSE bug 915522CVE-2015-1461SUSE Linux Enterprise Server 12
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."
ImportantCVE-2015-1461SUSE bug 1040662SUSE bug 916217CVE-2015-1462SUSE Linux Enterprise Server 12
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."
ImportantCVE-2015-1462SUSE bug 1040662SUSE bug 916214CVE-2015-1463SUSE Linux Enterprise Server 12
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."
ModerateCVE-2015-1463SUSE bug 1040662SUSE bug 916215CVE-2015-1465SUSE Linux Enterprise Server 12
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.
ImportantCVE-2015-1465SUSE bug 916225CVE-2015-1472SUSE Linux Enterprise Server 12
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
ModerateCVE-2015-1472SUSE bug 916222SUSE bug 920341SUSE bug 922243CVE-2015-1545SUSE Linux Enterprise Server 12
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
ModerateCVE-2015-1545SUSE bug 846389SUSE bug 905959SUSE bug 916897SUSE bug 916914CVE-2015-1546SUSE Linux Enterprise Server 12
Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.
ModerateCVE-2015-1546SUSE bug 916914CVE-2015-1572SUSE Linux Enterprise Server 12
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
LowCVE-2015-1572SUSE bug 1123790SUSE bug 915402SUSE bug 918346CVE-2015-1606SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
LowCVE-2015-1606SUSE bug 918089CVE-2015-1607SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
LowCVE-2015-1607SUSE bug 918090CVE-2015-1774SUSE Linux Enterprise Server 12
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.
ModerateCVE-2015-1774SUSE bug 919409CVE-2015-1779SUSE Linux Enterprise Server 12
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
ModerateCVE-2015-1779SUSE bug 924018SUSE bug 962632CVE-2015-1781SUSE Linux Enterprise Server 12
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
ModerateCVE-2015-1781SUSE bug 927080SUSE bug 939211CVE-2015-1782SUSE Linux Enterprise Server 12
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.
ImportantCVE-2015-1782SUSE bug 921070CVE-2015-1788SUSE Linux Enterprise Server 12
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
ModerateCVE-2015-1788SUSE bug 934487SUSE bug 936586SUSE bug 937891SUSE bug 938432CVE-2015-1789SUSE Linux Enterprise Server 12
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
ImportantCVE-2015-1789SUSE bug 934489SUSE bug 936586SUSE bug 937891SUSE bug 938432SUSE bug 951391CVE-2015-1790SUSE Linux Enterprise Server 12
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
ModerateCVE-2015-1790SUSE bug 934491SUSE bug 936586SUSE bug 938432CVE-2015-1791SUSE Linux Enterprise Server 12
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
ModerateCVE-2015-1791SUSE bug 933911SUSE bug 986238SUSE bug 989464CVE-2015-1792SUSE Linux Enterprise Server 12
The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
ModerateCVE-2015-1792SUSE bug 934493SUSE bug 937891SUSE bug 986238CVE-2015-1798SUSE Linux Enterprise Server 12
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
ImportantCVE-2015-1798SUSE bug 924202SUSE bug 927497SUSE bug 928321SUSE bug 957163CVE-2015-1799SUSE Linux Enterprise Server 12
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
ImportantCVE-2015-1799SUSE bug 924202SUSE bug 927497SUSE bug 928321SUSE bug 943565SUSE bug 957163SUSE bug 959243CVE-2015-1802SUSE Linux Enterprise Server 12
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
ModerateCVE-2015-1802SUSE bug 921978CVE-2015-1803SUSE Linux Enterprise Server 12
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.
ModerateCVE-2015-1803SUSE bug 921978CVE-2015-1804SUSE Linux Enterprise Server 12
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
ModerateCVE-2015-1804SUSE bug 921978CVE-2015-1805SUSE Linux Enterprise Server 12
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
ModerateCVE-2015-1805SUSE bug 917839SUSE bug 933429SUSE bug 939270SUSE bug 964730SUSE bug 964732CVE-2015-1819SUSE Linux Enterprise Server 12
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
ModerateCVE-2015-1819SUSE bug 1123919SUSE bug 928193CVE-2015-1852SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.
ModerateCVE-2015-1852SUSE bug 928205CVE-2015-1858SUSE Linux Enterprise Server 12
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
ModerateCVE-2015-1858SUSE bug 921999SUSE bug 927806SUSE bug 927807SUSE bug 927808CVE-2015-1859SUSE Linux Enterprise Server 12
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
ModerateCVE-2015-1859SUSE bug 921999SUSE bug 927806SUSE bug 927807SUSE bug 927808CVE-2015-1860SUSE Linux Enterprise Server 12
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
ModerateCVE-2015-1860SUSE bug 921999SUSE bug 927806SUSE bug 927807SUSE bug 927808CVE-2015-1863SUSE Linux Enterprise Server 12
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.
ModerateCVE-2015-1863SUSE bug 915323SUSE bug 927558CVE-2015-1914SUSE Linux Enterprise Server 12
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.
ModerateCVE-2015-1914SUSE bug 952088CVE-2015-1931SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2015-1931SUSE bug 937828SUSE bug 938248SUSE bug 938895SUSE bug 939382CVE-2015-2041SUSE Linux Enterprise Server 12
net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
ModerateCVE-2015-2041SUSE bug 903967SUSE bug 919007CVE-2015-2042SUSE Linux Enterprise Server 12
net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
ModerateCVE-2015-2042SUSE bug 903967SUSE bug 919018CVE-2015-2044SUSE Linux Enterprise Server 12
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.
LowCVE-2015-2044SUSE bug 918995SUSE bug 918998CVE-2015-2045SUSE Linux Enterprise Server 12
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.
LowCVE-2015-2045SUSE bug 918998CVE-2015-2150SUSE Linux Enterprise Server 12
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
ModerateCVE-2015-2150SUSE bug 800280SUSE bug 903967SUSE bug 919463CVE-2015-2151SUSE Linux Enterprise Server 12
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.
ModerateCVE-2015-2151SUSE bug 918998SUSE bug 919464CVE-2015-2152SUSE Linux Enterprise Server 12
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.
ModerateCVE-2015-2152SUSE bug 918998SUSE bug 919663SUSE bug 950367CVE-2015-2153SUSE Linux Enterprise Server 12
The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).
ModerateCVE-2015-2153SUSE bug 922221SUSE bug 922222SUSE bug 922223CVE-2015-2154SUSE Linux Enterprise Server 12
The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.
ModerateCVE-2015-2154SUSE bug 922222CVE-2015-2155SUSE Linux Enterprise Server 12
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
ModerateCVE-2015-2155SUSE bug 922220SUSE bug 922221SUSE bug 922222SUSE bug 922223CVE-2015-2170SUSE Linux Enterprise Server 12
The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
ModerateCVE-2015-2170SUSE bug 1040662SUSE bug 921950SUSE bug 922560SUSE bug 929192CVE-2015-2188SUSE Linux Enterprise Server 12
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.
ModerateCVE-2015-2188SUSE bug 920696CVE-2015-2189SUSE Linux Enterprise Server 12
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.
ModerateCVE-2015-2189SUSE bug 920697CVE-2015-2191SUSE Linux Enterprise Server 12
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
ModerateCVE-2015-2191SUSE bug 920699CVE-2015-2221SUSE Linux Enterprise Server 12
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.
ModerateCVE-2015-2221SUSE bug 1040662SUSE bug 921950SUSE bug 922560SUSE bug 929192CVE-2015-2222SUSE Linux Enterprise Server 12
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.
ModerateCVE-2015-2222SUSE bug 1040662SUSE bug 921950SUSE bug 922560SUSE bug 929192CVE-2015-2265SUSE Linux Enterprise Server 12
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
ModerateCVE-2015-2265SUSE bug 921753SUSE bug 937018CVE-2015-2296SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5SUSE Linux Enterprise Server 12
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
ModerateCVE-2015-2296SUSE bug 922448SUSE bug 926396CVE-2015-2304SUSE Linux Enterprise Server 12
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
ModerateCVE-2015-2304SUSE bug 920870CVE-2015-2305SUSE Linux Enterprise Server 12
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
ModerateCVE-2015-2305SUSE bug 1040662SUSE bug 921950SUSE bug 922022SUSE bug 922028SUSE bug 922030SUSE bug 922043SUSE bug 922560SUSE bug 922567SUSE bug 929192SUSE bug 980366CVE-2015-2325SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ImportantCVE-2015-2325SUSE bug 924960SUSE bug 933288SUSE bug 936408SUSE bug 958373CVE-2015-2326SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2015-2326SUSE bug 924960SUSE bug 924961SUSE bug 933288SUSE bug 936408SUSE bug 958373CVE-2015-2330SUSE Linux Enterprise Server 12
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.
ModerateCVE-2015-2330SUSE bug 922895CVE-2015-2331SUSE Linux Enterprise Server 12
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
ModerateCVE-2015-2331SUSE bug 922894SUSE bug 923240CVE-2015-2568SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
ModerateCVE-2015-2568SUSE bug 927623SUSE bug 936409CVE-2015-2571SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
ModerateCVE-2015-2571SUSE bug 927623SUSE bug 936408CVE-2015-2573SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
ModerateCVE-2015-2573SUSE bug 927623SUSE bug 936409CVE-2015-2590SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
ImportantCVE-2015-2590SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-2596SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u80 allows remote attackers to affect integrity via unknown vectors related to Hotspot.
ImportantCVE-2015-2596SUSE bug 937828SUSE bug 938248CVE-2015-2597SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.
ImportantCVE-2015-2597SUSE bug 937828SUSE bug 938248CVE-2015-2601SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
ImportantCVE-2015-2601SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-2613SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
ImportantCVE-2015-2613SUSE bug 937828SUSE bug 938248SUSE bug 938895SUSE bug 951727CVE-2015-2619SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
ImportantCVE-2015-2619SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-2621SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX.
ImportantCVE-2015-2621SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-2625SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.
ImportantCVE-2015-2625SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-2627SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation.
ImportantCVE-2015-2627SUSE bug 937828SUSE bug 938248CVE-2015-2628SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
ImportantCVE-2015-2628SUSE bug 937828SUSE bug 938248CVE-2015-2632SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
ImportantCVE-2015-2632SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-2637SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
ImportantCVE-2015-2637SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-2638SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ImportantCVE-2015-2638SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-2664SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
ImportantCVE-2015-2664SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-2666SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.
ModerateCVE-2015-2666SUSE bug 922944CVE-2015-2668SUSE Linux Enterprise Server 12
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.
ModerateCVE-2015-2668SUSE bug 1040662SUSE bug 921950SUSE bug 922560SUSE bug 929192CVE-2015-2694SUSE Linux Enterprise Server 12
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
ModerateCVE-2015-2694SUSE bug 928978CVE-2015-2695SUSE Linux Enterprise Server 12
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.
ImportantCVE-2015-2695SUSE bug 770172SUSE bug 952188SUSE bug 969771CVE-2015-2696SUSE Linux Enterprise Server 12
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.
ImportantCVE-2015-2696SUSE bug 770172SUSE bug 952189SUSE bug 954204CVE-2015-2697SUSE Linux Enterprise Server 12
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.
ModerateCVE-2015-2697SUSE bug 770172SUSE bug 952190CVE-2015-2698SUSE Linux Enterprise Server 12
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
ModerateCVE-2015-2698SUSE bug 770172SUSE bug 954204CVE-2015-2708SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-2708SUSE bug 930622CVE-2015-2709SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-2709SUSE bug 930622CVE-2015-2710SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.
ImportantCVE-2015-2710SUSE bug 930622CVE-2015-2713SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
ImportantCVE-2015-2713SUSE bug 930622CVE-2015-2716SUSE Linux Enterprise Server 12
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
ModerateCVE-2015-2716SUSE bug 930622SUSE bug 939077SUSE bug 980391SUSE bug 983985CVE-2015-2721SUSE Linux Enterprise Server 12
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.
ImportantCVE-2015-2721SUSE bug 935979CVE-2015-2722SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.
ImportantCVE-2015-2722SUSE bug 935979CVE-2015-2724SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-2724SUSE bug 935979CVE-2015-2725SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-2725SUSE bug 935979CVE-2015-2726SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-2726SUSE bug 935979CVE-2015-2728SUSE Linux Enterprise Server 12
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.
ImportantCVE-2015-2728SUSE bug 935979CVE-2015-2730SUSE Linux Enterprise Server 12
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.
ImportantCVE-2015-2730SUSE bug 935979CVE-2015-2733SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.
ImportantCVE-2015-2733SUSE bug 935979CVE-2015-2734SUSE Linux Enterprise Server 12
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
ImportantCVE-2015-2734SUSE bug 935979CVE-2015-2735SUSE Linux Enterprise Server 12
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
ImportantCVE-2015-2735SUSE bug 935979CVE-2015-2736SUSE Linux Enterprise Server 12
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
ImportantCVE-2015-2736SUSE bug 935979CVE-2015-2737SUSE Linux Enterprise Server 12
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
ImportantCVE-2015-2737SUSE bug 935979CVE-2015-2738SUSE Linux Enterprise Server 12
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
ImportantCVE-2015-2738SUSE bug 935979CVE-2015-2739SUSE Linux Enterprise Server 12
The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.
ImportantCVE-2015-2739SUSE bug 935979CVE-2015-2740SUSE Linux Enterprise Server 12
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.
ImportantCVE-2015-2740SUSE bug 935979CVE-2015-2743SUSE Linux Enterprise Server 12
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.
ImportantCVE-2015-2743SUSE bug 935979CVE-2015-2751SUSE Linux Enterprise Server 12
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.
LowCVE-2015-2751SUSE bug 922709SUSE bug 950367CVE-2015-2752SUSE Linux Enterprise Server 12
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).
ModerateCVE-2015-2752SUSE bug 922705CVE-2015-2756SUSE Linux Enterprise Server 12
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
CVE-2015-2756SUSE bug 922706CVE-2015-2806SUSE Linux Enterprise Server 12
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
ModerateCVE-2015-2806SUSE bug 924828SUSE bug 929414SUSE bug 961491CVE-2015-2808SUSE Linux Enterprise Server 12
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
ImportantCVE-2015-2808SUSE bug 925378SUSE bug 938248SUSE bug 938895SUSE bug 952088CVE-2015-2830SUSE Linux Enterprise Server 12
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
ModerateCVE-2015-2830SUSE bug 903967SUSE bug 926240CVE-2015-2922SUSE Linux Enterprise Server 12
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
ModerateCVE-2015-2922SUSE bug 903967SUSE bug 922583SUSE bug 926223CVE-2015-2925SUSE Linux Enterprise Server 12
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
ModerateCVE-2015-2925SUSE bug 926238SUSE bug 951625SUSE bug 951638SUSE bug 963994CVE-2015-3143SUSE Linux Enterprise Server 12
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
ModerateCVE-2015-3143SUSE bug 927556CVE-2015-3144SUSE Linux Enterprise Server 12
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
ModerateCVE-2015-3144SUSE bug 927608SUSE bug 951391CVE-2015-3145SUSE Linux Enterprise Server 12
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
ModerateCVE-2015-3145SUSE bug 927607CVE-2015-3148SUSE Linux Enterprise Server 12
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
ModerateCVE-2015-3148SUSE bug 1092962SUSE bug 927746CVE-2015-3152SUSE Linux Enterprise Server 12
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
ModerateCVE-2015-3152SUSE bug 1037590SUSE bug 1047059SUSE bug 1088681SUSE bug 924663SUSE bug 928962SUSE bug 936407CVE-2015-3153SUSE Linux Enterprise Server 12
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
ModerateCVE-2015-3153SUSE bug 928533SUSE bug 951391CVE-2015-3165SUSE Linux Enterprise Server 12
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
ModerateCVE-2015-3165SUSE bug 931972SUSE bug 931973SUSE bug 931974SUSE bug 932040CVE-2015-3166SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2015-3166SUSE bug 931972SUSE bug 931973SUSE bug 931974SUSE bug 932040CVE-2015-3167SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2015-3167SUSE bug 931972SUSE bug 931973SUSE bug 931974SUSE bug 932040CVE-2015-3183SUSE Linux Enterprise Server 12
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
ModerateCVE-2015-3183SUSE bug 938728SUSE bug 948325SUSE bug 949218CVE-2015-3185SUSE Linux Enterprise Server 12
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.
LowCVE-2015-3185SUSE bug 938723SUSE bug 939514SUSE bug 939516CVE-2015-3194SUSE Linux Enterprise Server 12
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
ImportantCVE-2015-3194SUSE bug 957812SUSE bug 957815SUSE bug 958768SUSE bug 976341SUSE bug 990370CVE-2015-3195SUSE Linux Enterprise Server 12
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
ModerateCVE-2015-3195SUSE bug 923755SUSE bug 957812SUSE bug 957815SUSE bug 958768SUSE bug 963977SUSE bug 986238CVE-2015-3196SUSE Linux Enterprise Server 12
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
ModerateCVE-2015-3196SUSE bug 957813CVE-2015-3197SUSE Linux Enterprise Server 12
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.
LowCVE-2015-3197SUSE bug 963410SUSE bug 963415SUSE bug 968044SUSE bug 968046CVE-2015-3202SUSE Linux Enterprise Server 12
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
ModerateCVE-2015-3202SUSE bug 931452CVE-2015-3209SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
ImportantCVE-2015-3209SUSE bug 932267SUSE bug 932770SUSE bug 932823CVE-2015-3212SUSE Linux Enterprise Server 12
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.
ModerateCVE-2015-3212SUSE bug 936502CVE-2015-3214SUSE Linux Enterprise Server 12
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
ModerateCVE-2015-3214SUSE bug 934069SUSE bug 936025CVE-2015-3216SUSE Linux Enterprise Server 12
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.
ModerateCVE-2015-3216SUSE bug 933898CVE-2015-3218SUSE Linux Enterprise Server 12
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
ModerateCVE-2015-3218SUSE bug 933922SUSE bug 943816CVE-2015-3221SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.
ModerateCVE-2015-3221SUSE bug 935263CVE-2015-3223SUSE Linux Enterprise Server 12
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
ImportantCVE-2015-3223SUSE bug 958581CVE-2015-3228SUSE Linux Enterprise Server 12
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.
ModerateCVE-2015-3228SUSE bug 939342CVE-2015-3241SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
ModerateCVE-2015-3241SUSE bug 935017CVE-2015-3247SUSE Linux Enterprise Server 12
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
ImportantCVE-2015-3247SUSE bug 944460CVE-2015-3255SUSE Linux Enterprise Server 12
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
ModerateCVE-2015-3255SUSE bug 939246SUSE bug 943816CVE-2015-3256SUSE Linux Enterprise Server 12
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
ModerateCVE-2015-3256SUSE bug 943816CVE-2015-3258SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
ModerateCVE-2015-3258SUSE bug 921753SUSE bug 936281SUSE bug 937018CVE-2015-3259SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.
ModerateCVE-2015-3259SUSE bug 935634SUSE bug 936281SUSE bug 937018SUSE bug 950367CVE-2015-3279SUSE Linux Enterprise Server 12
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
ModerateCVE-2015-3279SUSE bug 921753SUSE bug 936281SUSE bug 937018CVE-2015-3280SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
ModerateCVE-2015-3280SUSE bug 1000443SUSE bug 944178CVE-2015-3281SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
ModerateCVE-2015-3281SUSE bug 937042SUSE bug 937202CVE-2015-3294SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5SUSE Linux Enterprise Server 12
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.
ModerateCVE-2015-3294SUSE bug 923144SUSE bug 928867CVE-2015-3331SUSE Linux Enterprise Server 12
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.
CVE-2015-3331SUSE bug 927257SUSE bug 931231SUSE bug 939262CVE-2015-3332SUSE Linux Enterprise Server 12
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.
ModerateCVE-2015-3332SUSE bug 903967SUSE bug 928135CVE-2015-3339SUSE Linux Enterprise Server 12
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.
ModerateCVE-2015-3339SUSE bug 903967SUSE bug 928130SUSE bug 939263CVE-2015-3340SUSE Linux Enterprise Server 12
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
LowCVE-2015-3340SUSE bug 927967SUSE bug 929339CVE-2015-3405SUSE Linux Enterprise Server 12
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
ModerateCVE-2015-3405SUSE bug 924202SUSE bug 928321CVE-2015-3418SUSE Linux Enterprise Server 12
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
ModerateCVE-2015-3418SUSE bug 928520CVE-2015-3451SUSE Linux Enterprise Server 12
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
LowCVE-2015-3451SUSE bug 929237CVE-2015-3456SUSE Linux Enterprise Server 12
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
ModerateCVE-2015-3456SUSE bug 929339SUSE bug 932770SUSE bug 935900CVE-2015-3622SUSE Linux Enterprise Server 12
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
LowCVE-2015-3622SUSE bug 929414CVE-2015-3627SUSE Linux Enterprise Server 12
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
ModerateCVE-2015-3627SUSE bug 930235SUSE bug 945060CVE-2015-3629SUSE Linux Enterprise Server 12
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
ModerateCVE-2015-3629SUSE bug 930235SUSE bug 945060CVE-2015-3630SUSE Linux Enterprise Server 12
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.
ModerateCVE-2015-3630SUSE bug 930235SUSE bug 945060CVE-2015-3631SUSE Linux Enterprise Server 12
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
ModerateCVE-2015-3631SUSE bug 930235SUSE bug 945060CVE-2015-3636SUSE Linux Enterprise Server 12
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
ModerateCVE-2015-3636SUSE bug 929525SUSE bug 939277SUSE bug 994624CVE-2015-3644SUSE Linux Enterprise Server 12
Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.
ModerateCVE-2015-3644SUSE bug 931517CVE-2015-3811SUSE Linux Enterprise Server 12
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.
ModerateCVE-2015-3811SUSE bug 930689SUSE bug 930691CVE-2015-3812SUSE Linux Enterprise Server 12
Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.
ModerateCVE-2015-3812SUSE bug 930689SUSE bug 930691CVE-2015-3813SUSE Linux Enterprise Server 12
The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet.
ModerateCVE-2015-3813SUSE bug 930689CVE-2015-3814SUSE Linux Enterprise Server 12
The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
ModerateCVE-2015-3814SUSE bug 930689SUSE bug 930691CVE-2015-4000SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5SUSE Linux Enterprise Server 12
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
ModerateCVE-2015-4000SUSE bug 1074631SUSE bug 931600SUSE bug 931698SUSE bug 931723SUSE bug 931845SUSE bug 932026SUSE bug 932483SUSE bug 934789SUSE bug 935033SUSE bug 935540SUSE bug 935979SUSE bug 936168SUSE bug 937202SUSE bug 937724SUSE bug 937766SUSE bug 938248SUSE bug 938432SUSE bug 938895SUSE bug 938905SUSE bug 938906SUSE bug 938913SUSE bug 938945SUSE bug 941696SUSE bug 943664SUSE bug 944729SUSE bug 945582SUSE bug 955589SUSE bug 980406SUSE bug 990592CVE-2015-4036SUSE Linux Enterprise Server 12
Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.
ModerateCVE-2015-4036SUSE bug 931988CVE-2015-4037SUSE Linux Enterprise Server 12
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
ModerateCVE-2015-4037SUSE bug 932267SUSE bug 950367CVE-2015-4041SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
LowCVE-2015-4041SUSE bug 928749CVE-2015-4042SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
LowCVE-2015-4042SUSE bug 928749CVE-2015-4103SUSE Linux Enterprise Server 12
Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.
ModerateCVE-2015-4103SUSE bug 931625CVE-2015-4104SUSE Linux Enterprise Server 12
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
ModerateCVE-2015-4104SUSE bug 931626CVE-2015-4105SUSE Linux Enterprise Server 12
Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.
ModerateCVE-2015-4105SUSE bug 931627CVE-2015-4106SUSE Linux Enterprise Server 12
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.
ModerateCVE-2015-4106SUSE bug 931628CVE-2015-4163SUSE Linux Enterprise Server 12
GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
ModerateCVE-2015-4163SUSE bug 932790CVE-2015-4164SUSE Linux Enterprise Server 12
The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.
ModerateCVE-2015-4164SUSE bug 932996SUSE bug 950367CVE-2015-4167SUSE Linux Enterprise Server 12
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.
ModerateCVE-2015-4167SUSE bug 917839SUSE bug 933907CVE-2015-4171SUSE Linux Enterprise Server 12
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.
LowCVE-2015-4171SUSE bug 931845SUSE bug 933591CVE-2015-4467SUSE Linux Enterprise Server 12
The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.
ModerateCVE-2015-4467SUSE bug 934524SUSE bug 934525SUSE bug 934529SUSE bug 934533CVE-2015-4468SUSE Linux Enterprise Server 12
Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
ModerateCVE-2015-4468SUSE bug 934524SUSE bug 934526SUSE bug 934529SUSE bug 934533CVE-2015-4469SUSE Linux Enterprise Server 12
The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
ModerateCVE-2015-4469SUSE bug 934524SUSE bug 934526SUSE bug 934529SUSE bug 934533CVE-2015-4470SUSE Linux Enterprise Server 12
Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.
ModerateCVE-2015-4470SUSE bug 934527SUSE bug 934533CVE-2015-4471SUSE Linux Enterprise Server 12
Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.
ModerateCVE-2015-4471SUSE bug 934528SUSE bug 934533CVE-2015-4472SUSE Linux Enterprise Server 12
Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.
ModerateCVE-2015-4472SUSE bug 934525SUSE bug 934529SUSE bug 934533CVE-2015-4473SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-4473SUSE bug 940806CVE-2015-4474SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-4474SUSE bug 940806CVE-2015-4475SUSE Linux Enterprise Server 12
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.
ModerateCVE-2015-4475SUSE bug 940806CVE-2015-4478SUSE Linux Enterprise Server 12
Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method.
ModerateCVE-2015-4478SUSE bug 940806CVE-2015-4479SUSE Linux Enterprise Server 12
Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.
ImportantCVE-2015-4479SUSE bug 940806CVE-2015-4484SUSE Linux Enterprise Server 12
The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object.
ModerateCVE-2015-4484SUSE bug 940806CVE-2015-4485SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.
ImportantCVE-2015-4485SUSE bug 940806CVE-2015-4486SUSE Linux Enterprise Server 12
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
ImportantCVE-2015-4486SUSE bug 940806CVE-2015-4487SUSE Linux Enterprise Server 12
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
ModerateCVE-2015-4487SUSE bug 940806CVE-2015-4488SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.
ModerateCVE-2015-4488SUSE bug 940806CVE-2015-4489SUSE Linux Enterprise Server 12
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.
ModerateCVE-2015-4489SUSE bug 940806CVE-2015-4491SUSE Linux Enterprise Server 12
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
ModerateCVE-2015-4491SUSE bug 940806SUSE bug 942801SUSE bug 948790CVE-2015-4492SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.
ModerateCVE-2015-4492SUSE bug 940806CVE-2015-4495SUSE Linux Enterprise Server 12
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
ImportantCVE-2015-4495SUSE bug 940806SUSE bug 940918CVE-2015-4497SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element.
ModerateCVE-2015-4497SUSE bug 943550SUSE bug 943557SUSE bug 943608CVE-2015-4498SUSE Linux Enterprise Server 12
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.
ModerateCVE-2015-4498SUSE bug 943550SUSE bug 943558SUSE bug 943608CVE-2015-4500SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-4500SUSE bug 947003CVE-2015-4501SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-4501SUSE bug 947003CVE-2015-4506SUSE Linux Enterprise Server 12
Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file.
ModerateCVE-2015-4506SUSE bug 947003CVE-2015-4509SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176.
ImportantCVE-2015-4509SUSE bug 947003CVE-2015-4511SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video.
ModerateCVE-2015-4511SUSE bug 947003CVE-2015-4513SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-4513SUSE bug 952810CVE-2015-4517SUSE Linux Enterprise Server 12
NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
ModerateCVE-2015-4517SUSE bug 947003CVE-2015-4519SUSE Linux Enterprise Server 12
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element.
ModerateCVE-2015-4519SUSE bug 947003CVE-2015-4520SUSE Linux Enterprise Server 12
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header.
ModerateCVE-2015-4520SUSE bug 947003CVE-2015-4521SUSE Linux Enterprise Server 12
The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
ImportantCVE-2015-4521SUSE bug 947003CVE-2015-4522SUSE Linux Enterprise Server 12
The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
ImportantCVE-2015-4522SUSE bug 947003CVE-2015-4551SUSE Linux Enterprise Server 12
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.
ModerateCVE-2015-4551SUSE bug 893141SUSE bug 934423SUSE bug 936188SUSE bug 936190SUSE bug 940838CVE-2015-4620SUSE Linux Enterprise Server 12
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
ModerateCVE-2015-4620SUSE bug 936476CVE-2015-4625SUSE Linux Enterprise Server 12
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
LowCVE-2015-4625SUSE bug 935119SUSE bug 943816CVE-2015-4692SUSE Linux Enterprise Server 12
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.
ModerateCVE-2015-4692SUSE bug 935542CVE-2015-4729SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
ImportantCVE-2015-4729SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-4731SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
ImportantCVE-2015-4731SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-4732SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590.
ImportantCVE-2015-4732SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-4733SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
ImportantCVE-2015-4733SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-4734SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS.
ModerateCVE-2015-4734SUSE bug 951376SUSE bug 955131CVE-2015-4736SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
ImportantCVE-2015-4736SUSE bug 937828SUSE bug 938248CVE-2015-4748SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
ImportantCVE-2015-4748SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-4749SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.
ImportantCVE-2015-4749SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-4760SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ImportantCVE-2015-4760SUSE bug 937828SUSE bug 938248SUSE bug 938895CVE-2015-4792SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
ModerateCVE-2015-4792SUSE bug 951391SUSE bug 958789CVE-2015-4802SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
ModerateCVE-2015-4802SUSE bug 951391SUSE bug 958789CVE-2015-4803SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911.
ModerateCVE-2015-4803SUSE bug 951376SUSE bug 955131CVE-2015-4805SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
ModerateCVE-2015-4805SUSE bug 951376SUSE bug 955131CVE-2015-4806SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
ModerateCVE-2015-4806SUSE bug 951376SUSE bug 955131CVE-2015-4807SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.
ModerateCVE-2015-4807SUSE bug 951391SUSE bug 958789CVE-2015-4810SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
ModerateCVE-2015-4810SUSE bug 951376SUSE bug 955131CVE-2015-4815SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
ModerateCVE-2015-4815SUSE bug 951391SUSE bug 958789CVE-2015-4816SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
ModerateCVE-2015-4816SUSE bug 951391SUSE bug 958790CVE-2015-4819SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
ModerateCVE-2015-4819SUSE bug 951391SUSE bug 958790SUSE bug 969667CVE-2015-4826SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.
ModerateCVE-2015-4826SUSE bug 951391SUSE bug 958789CVE-2015-4830SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
ModerateCVE-2015-4830SUSE bug 951391SUSE bug 958789CVE-2015-4835SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881.
ModerateCVE-2015-4835SUSE bug 951376SUSE bug 955131CVE-2015-4836SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
ModerateCVE-2015-4836SUSE bug 951391SUSE bug 958789CVE-2015-4840SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D.
ModerateCVE-2015-4840SUSE bug 951376SUSE bug 955131CVE-2015-4842SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
ModerateCVE-2015-4842SUSE bug 951376SUSE bug 955131CVE-2015-4843SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ModerateCVE-2015-4843SUSE bug 951376SUSE bug 955131CVE-2015-4844SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ModerateCVE-2015-4844SUSE bug 951376SUSE bug 955131CVE-2015-4858SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.
ModerateCVE-2015-4858SUSE bug 951391SUSE bug 958789CVE-2015-4860SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883.
ModerateCVE-2015-4860SUSE bug 951376SUSE bug 955131CVE-2015-4861SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
ModerateCVE-2015-4861SUSE bug 951391SUSE bug 958789CVE-2015-4870SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
ModerateCVE-2015-4870SUSE bug 951391SUSE bug 958789CVE-2015-4871SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
ModerateCVE-2015-4871SUSE bug 951376SUSE bug 955131CVE-2015-4872SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security.
ModerateCVE-2015-4872SUSE bug 951376SUSE bug 955131CVE-2015-4879SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
ModerateCVE-2015-4879SUSE bug 951391SUSE bug 958790CVE-2015-4881SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835.
ImportantCVE-2015-4881SUSE bug 951376CVE-2015-4882SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA.
ModerateCVE-2015-4882SUSE bug 951376SUSE bug 955131CVE-2015-4883SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860.
ModerateCVE-2015-4883SUSE bug 951376SUSE bug 955131CVE-2015-4893SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911.
ModerateCVE-2015-4893SUSE bug 951376SUSE bug 955131CVE-2015-4895SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
ModerateCVE-2015-4895SUSE bug 951391SUSE bug 958790CVE-2015-4902SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.
ModerateCVE-2015-4902SUSE bug 951376SUSE bug 955131CVE-2015-4903SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI.
ModerateCVE-2015-4903SUSE bug 951376SUSE bug 955131CVE-2015-4911SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.
ModerateCVE-2015-4911SUSE bug 951376SUSE bug 955131CVE-2015-4913SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.
ModerateCVE-2015-4913SUSE bug 951391SUSE bug 958789CVE-2015-5006SUSE Linux Enterprise Server 12
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
ModerateCVE-2015-5006SUSE bug 955131CVE-2015-5041SUSE Linux Enterprise Server 12
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
ModerateCVE-2015-5041SUSE bug 960402SUSE bug 963937CVE-2015-5154SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
ModerateCVE-2015-5154SUSE bug 938344SUSE bug 950367CVE-2015-5156SUSE Linux Enterprise Server 12
The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.
ModerateCVE-2015-5156SUSE bug 1091815SUSE bug 1123903SUSE bug 940776SUSE bug 945048SUSE bug 951638CVE-2015-5157SUSE Linux Enterprise Server 12
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
ModerateCVE-2015-5157SUSE bug 937969SUSE bug 937970SUSE bug 938706SUSE bug 939207CVE-2015-5165SUSE Linux Enterprise Server 12
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
ModerateCVE-2015-5165SUSE bug 939712SUSE bug 950367CVE-2015-5166SUSE Linux Enterprise Server 12
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
ModerateCVE-2015-5166SUSE bug 939709SUSE bug 950367CVE-2015-5174SUSE Linux Enterprise Server 12
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
ModerateCVE-2015-5174SUSE bug 967967CVE-2015-5185SUSE Linux Enterprise Server 12
The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.
ModerateCVE-2015-5185SUSE bug 942628CVE-2015-5198SUSE Linux Enterprise Server 12
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.
ModerateCVE-2015-5198SUSE bug 943967CVE-2015-5199SUSE Linux Enterprise Server 12
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.
ModerateCVE-2015-5199SUSE bug 943968CVE-2015-5200SUSE Linux Enterprise Server 12
The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.
ModerateCVE-2015-5200SUSE bug 943969CVE-2015-5212SUSE Linux Enterprise Server 12
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.
ModerateCVE-2015-5212SUSE bug 934423SUSE bug 936188CVE-2015-5213SUSE Linux Enterprise Server 12
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.
ModerateCVE-2015-5213SUSE bug 934423SUSE bug 936190CVE-2015-5214SUSE Linux Enterprise Server 12
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.
ModerateCVE-2015-5214SUSE bug 934423SUSE bug 940838CVE-2015-5239SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2015-5239SUSE bug 944463SUSE bug 950367CVE-2015-5240SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.
ModerateCVE-2015-5240SUSE bug 943648CVE-2015-5252SUSE Linux Enterprise Server 12
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
ImportantCVE-2015-5252SUSE bug 958582CVE-2015-5260SUSE Linux Enterprise Server 12
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
ModerateCVE-2015-5260SUSE bug 944787CVE-2015-5261SUSE Linux Enterprise Server 12
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
ModerateCVE-2015-5261SUSE bug 948976SUSE bug 982386CVE-2015-5276SUSE Linux Enterprise Server 12
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
LowCVE-2015-5276SUSE bug 945842CVE-2015-5278SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2015-5278SUSE bug 945989SUSE bug 964947CVE-2015-5279SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
ModerateCVE-2015-5279SUSE bug 945987CVE-2015-5283SUSE Linux Enterprise Server 12
The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.
ModerateCVE-2015-5283SUSE bug 947155CVE-2015-5288SUSE Linux Enterprise Server 12
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
ModerateCVE-2015-5288SUSE bug 949669SUSE bug 949670CVE-2015-5289SUSE Linux Enterprise Server 12
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
ModerateCVE-2015-5289SUSE bug 949669SUSE bug 949670CVE-2015-5296SUSE Linux Enterprise Server 12
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
ModerateCVE-2015-5296SUSE bug 1058622SUSE bug 958584SUSE bug 973031CVE-2015-5299SUSE Linux Enterprise Server 12
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
ModerateCVE-2015-5299SUSE bug 958583CVE-2015-5300SUSE Linux Enterprise Server 12
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
ModerateCVE-2015-5300SUSE bug 951629SUSE bug 959243CVE-2015-5307SUSE Linux Enterprise Server 12
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
ModerateCVE-2015-5307SUSE bug 953527SUSE bug 954018SUSE bug 954404SUSE bug 954405SUSE bug 962977CVE-2015-5312SUSE Linux Enterprise Server 12
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
ModerateCVE-2015-5312SUSE bug 1123919SUSE bug 957105SUSE bug 959469CVE-2015-5313SUSE Linux Enterprise Server 12
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
ModerateCVE-2015-5313SUSE bug 953110CVE-2015-5330SUSE Linux Enterprise Server 12
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.
ModerateCVE-2015-5330SUSE bug 958581SUSE bug 958586CVE-2015-5345SUSE Linux Enterprise Server 12
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
ModerateCVE-2015-5345SUSE bug 967965CVE-2015-5346SUSE Linux Enterprise Server 12
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.
ImportantCVE-2015-5346SUSE bug 967814CVE-2015-5351SUSE Linux Enterprise Server 12
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
ImportantCVE-2015-5351SUSE bug 967812CVE-2015-5352SUSE Linux Enterprise Server 12
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
ModerateCVE-2015-5352SUSE bug 1074631SUSE bug 1138392SUSE bug 936695SUSE bug 938277SUSE bug 948086SUSE bug 996040CVE-2015-5364SUSE Linux Enterprise Server 12
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.
ModerateCVE-2015-5364SUSE bug 781018SUSE bug 936831SUSE bug 939276SUSE bug 945112CVE-2015-5366SUSE Linux Enterprise Server 12
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.
ModerateCVE-2015-5366SUSE bug 781018SUSE bug 936831SUSE bug 939276SUSE bug 945112CVE-2015-5370SUSE Linux Enterprise Server 12
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
ImportantCVE-2015-5370SUSE bug 936862SUSE bug 975276CVE-2015-5477SUSE Linux Enterprise Server 12
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
ModerateCVE-2015-5477SUSE bug 1000362SUSE bug 939567SUSE bug 980168CVE-2015-5600SUSE Linux Enterprise Server 12
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
ModerateCVE-2015-5600SUSE bug 1009988SUSE bug 1074631SUSE bug 1138392SUSE bug 938746SUSE bug 943006SUSE bug 943007SUSE bug 943010SUSE bug 943504SUSE bug 945985SUSE bug 948086SUSE bug 954457SUSE bug 957883SUSE bug 996040CVE-2015-5621SUSE Linux Enterprise Server 12
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
ModerateCVE-2015-5621SUSE bug 1111123SUSE bug 940188CVE-2015-5697SUSE Linux Enterprise Server 12
The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.
LowCVE-2015-5697SUSE bug 939994SUSE bug 963994CVE-2015-5707SUSE Linux Enterprise Server 12
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
ModerateCVE-2015-5707SUSE bug 923755SUSE bug 940338SUSE bug 940342SUSE bug 963994CVE-2015-5722SUSE Linux Enterprise Server 12
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
ImportantCVE-2015-5722SUSE bug 944066SUSE bug 944107SUSE bug 954983SUSE bug 958861CVE-2015-5745SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
LowCVE-2015-5745SUSE bug 940929SUSE bug 950367CVE-2015-6241SUSE Linux Enterprise Server 12
The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-6241SUSE bug 941500CVE-2015-6242SUSE Linux Enterprise Server 12
The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet.
ModerateCVE-2015-6242SUSE bug 941500CVE-2015-6243SUSE Linux Enterprise Server 12
The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.
ModerateCVE-2015-6243SUSE bug 941500CVE-2015-6244SUSE Linux Enterprise Server 12
The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-6244SUSE bug 941500CVE-2015-6245SUSE Linux Enterprise Server 12
epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
ModerateCVE-2015-6245SUSE bug 941500CVE-2015-6246SUSE Linux Enterprise Server 12
The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-6246SUSE bug 941500CVE-2015-6247SUSE Linux Enterprise Server 12
The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
ModerateCVE-2015-6247SUSE bug 941500CVE-2015-6248SUSE Linux Enterprise Server 12
The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-6248SUSE bug 941500CVE-2015-6249SUSE Linux Enterprise Server 12
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-6249SUSE bug 941500CVE-2015-6251SUSE Linux Enterprise Server 12
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
ModerateCVE-2015-6251SUSE bug 941794CVE-2015-6252SUSE Linux Enterprise Server 12
The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.
LowCVE-2015-6252SUSE bug 942367CVE-2015-6496SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.
ModerateCVE-2015-6496SUSE bug 942149CVE-2015-6563SUSE Linux Enterprise Server 12
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
ModerateCVE-2015-6563SUSE bug 1074631SUSE bug 943006SUSE bug 943007SUSE bug 943010SUSE bug 948086SUSE bug 996040CVE-2015-6564SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
ModerateCVE-2015-6564SUSE bug 1074631SUSE bug 1138392SUSE bug 942850SUSE bug 943006SUSE bug 943007SUSE bug 943010SUSE bug 948086SUSE bug 996040CVE-2015-6749SUSE Linux Enterprise Server 12
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.
ModerateCVE-2015-6749SUSE bug 943795CVE-2015-6815SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
LowCVE-2015-6815SUSE bug 944697SUSE bug 950367CVE-2015-6855SUSE Linux Enterprise Server 12
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
LowCVE-2015-6855SUSE bug 945404SUSE bug 965156CVE-2015-6908SUSE Linux Enterprise Server 12
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
ImportantCVE-2015-6908SUSE bug 945582CVE-2015-6937SUSE Linux Enterprise Server 12
The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.
ModerateCVE-2015-6937SUSE bug 923755SUSE bug 945825SUSE bug 952384SUSE bug 953052SUSE bug 963994CVE-2015-7174SUSE Linux Enterprise Server 12
The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
ImportantCVE-2015-7174SUSE bug 947003CVE-2015-7175SUSE Linux Enterprise Server 12
The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
ImportantCVE-2015-7175SUSE bug 947003CVE-2015-7176SUSE Linux Enterprise Server 12
The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors.
ImportantCVE-2015-7176SUSE bug 947003CVE-2015-7177SUSE Linux Enterprise Server 12
The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
ImportantCVE-2015-7177SUSE bug 947003CVE-2015-7180SUSE Linux Enterprise Server 12
The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
ImportantCVE-2015-7180SUSE bug 947003CVE-2015-7181SUSE Linux Enterprise Server 12
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
CriticalCVE-2015-7181SUSE bug 952810CVE-2015-7182SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
CriticalCVE-2015-7182SUSE bug 952810CVE-2015-7183SUSE Linux Enterprise Server 12
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CriticalCVE-2015-7183SUSE bug 952810SUSE bug 962977CVE-2015-7188SUSE Linux Enterprise Server 12
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.
ModerateCVE-2015-7188SUSE bug 952810CVE-2015-7189SUSE Linux Enterprise Server 12
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code.
ModerateCVE-2015-7189SUSE bug 952810CVE-2015-7193SUSE Linux Enterprise Server 12
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.
ModerateCVE-2015-7193SUSE bug 952810CVE-2015-7194SUSE Linux Enterprise Server 12
Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.
ModerateCVE-2015-7194SUSE bug 952810CVE-2015-7196SUSE Linux Enterprise Server 12
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.
ModerateCVE-2015-7196SUSE bug 952810CVE-2015-7197SUSE Linux Enterprise Server 12
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.
ModerateCVE-2015-7197SUSE bug 952810CVE-2015-7198SUSE Linux Enterprise Server 12
Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data.
ImportantCVE-2015-7198SUSE bug 952810CVE-2015-7199SUSE Linux Enterprise Server 12
The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document.
CriticalCVE-2015-7199SUSE bug 952810CVE-2015-7200SUSE Linux Enterprise Server 12
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
CriticalCVE-2015-7200SUSE bug 952810CVE-2015-7201SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-7201SUSE bug 959277CVE-2015-7202SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-7202SUSE bug 959277CVE-2015-7205SUSE Linux Enterprise Server 12
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.
ModerateCVE-2015-7205SUSE bug 959277CVE-2015-7210SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.
ImportantCVE-2015-7210SUSE bug 959277CVE-2015-7212SUSE Linux Enterprise Server 12
Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.
ModerateCVE-2015-7212SUSE bug 959277CVE-2015-7213SUSE Linux Enterprise Server 12
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
ModerateCVE-2015-7213SUSE bug 959277CVE-2015-7214SUSE Linux Enterprise Server 12
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
ModerateCVE-2015-7214SUSE bug 959277CVE-2015-7222SUSE Linux Enterprise Server 12
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
ModerateCVE-2015-7222SUSE bug 959277CVE-2015-7236SUSE Linux Enterprise Server 12
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
ImportantCVE-2015-7236SUSE bug 940191SUSE bug 946204CVE-2015-7295SUSE Linux Enterprise Server 12
hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface.
ModerateCVE-2015-7295SUSE bug 947159SUSE bug 950367CVE-2015-7311SUSE Linux Enterprise Server 12
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
LowCVE-2015-7311SUSE bug 947165SUSE bug 950367CVE-2015-7497SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
ModerateCVE-2015-7497SUSE bug 1123919SUSE bug 957106SUSE bug 959469CVE-2015-7498SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
ModerateCVE-2015-7498SUSE bug 1123919SUSE bug 957107SUSE bug 959469CVE-2015-7499SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
ModerateCVE-2015-7499SUSE bug 1123919SUSE bug 957109SUSE bug 959469CVE-2015-7500SUSE Linux Enterprise Server 12
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
ModerateCVE-2015-7500SUSE bug 1123919SUSE bug 957110SUSE bug 959469CVE-2015-7504SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
ModerateCVE-2015-7504SUSE bug 956411CVE-2015-7511SUSE Linux Enterprise Server 12
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
ModerateCVE-2015-7511SUSE bug 965902CVE-2015-7512SUSE Linux Enterprise Server 12
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
ImportantCVE-2015-7512SUSE bug 957162SUSE bug 962360CVE-2015-7545SUSE Linux Enterprise Server 12
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
ModerateCVE-2015-7545SUSE bug 948969SUSE bug 973177SUSE bug 978391CVE-2015-7547SUSE Linux Enterprise Server 12
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
ImportantCVE-2015-7547SUSE bug 1077097SUSE bug 847227SUSE bug 961721SUSE bug 967023SUSE bug 967061SUSE bug 967072SUSE bug 967496SUSE bug 969216SUSE bug 969241SUSE bug 986086CVE-2015-7549SUSE Linux Enterprise Server 12
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
LowCVE-2015-7549SUSE bug 958917SUSE bug 958918CVE-2015-7550SUSE Linux Enterprise Server 12
The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls.
ModerateCVE-2015-7550SUSE bug 1052256SUSE bug 958951CVE-2015-7552SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
ModerateCVE-2015-7552SUSE bug 958963CVE-2015-7554SUSE Linux Enterprise Server 12
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.
ImportantCVE-2015-7554SUSE bug 1007276SUSE bug 1017690SUSE bug 1040322SUSE bug 960341SUSE bug 974621SUSE bug 983436CVE-2015-7555SUSE Linux Enterprise Server 12
Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.
ModerateCVE-2015-7555SUSE bug 960319CVE-2015-7560SUSE Linux Enterprise Server 12
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
ModerateCVE-2015-7560SUSE bug 968222CVE-2015-7575SUSE Linux Enterprise Server 12
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
ModerateCVE-2015-7575SUSE bug 959888SUSE bug 960402SUSE bug 960996SUSE bug 961280SUSE bug 961281SUSE bug 961282SUSE bug 961283SUSE bug 961284SUSE bug 961290SUSE bug 961357SUSE bug 962743SUSE bug 963937SUSE bug 967521SUSE bug 981087CVE-2015-7613SUSE Linux Enterprise Server 12
Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.
ModerateCVE-2015-7613SUSE bug 923755SUSE bug 948536SUSE bug 948701SUSE bug 963994CVE-2015-7673SUSE Linux Enterprise Server 12
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
ModerateCVE-2015-7673SUSE bug 948790CVE-2015-7674SUSE Linux Enterprise Server 12
Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.
ModerateCVE-2015-7674SUSE bug 948791CVE-2015-7691SUSE Linux Enterprise Server 12
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
ImportantCVE-2015-7691SUSE bug 1010964SUSE bug 911792SUSE bug 951608SUSE bug 959243CVE-2015-7692SUSE Linux Enterprise Server 12
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
ImportantCVE-2015-7692SUSE bug 1010964SUSE bug 911792SUSE bug 951608SUSE bug 959243CVE-2015-7701SUSE Linux Enterprise Server 12
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
ModerateCVE-2015-7701SUSE bug 1010964SUSE bug 951608SUSE bug 959243CVE-2015-7702SUSE Linux Enterprise Server 12
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
ImportantCVE-2015-7702SUSE bug 1010964SUSE bug 911792SUSE bug 951608SUSE bug 959243CVE-2015-7703SUSE Linux Enterprise Server 12
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
ModerateCVE-2015-7703SUSE bug 1010964SUSE bug 943216SUSE bug 943218SUSE bug 943219SUSE bug 943221SUSE bug 951608SUSE bug 959243CVE-2015-7704SUSE Linux Enterprise Server 12
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
ModerateCVE-2015-7704SUSE bug 1010964SUSE bug 951608SUSE bug 952611SUSE bug 959243SUSE bug 977446CVE-2015-7705SUSE Linux Enterprise Server 12
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
ModerateCVE-2015-7705SUSE bug 1010964SUSE bug 951608SUSE bug 952611SUSE bug 959243CVE-2015-7713SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
ModerateCVE-2015-7713SUSE bug 949070CVE-2015-7799SUSE Linux Enterprise Server 12
The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.
LowCVE-2015-7799SUSE bug 1052256SUSE bug 949936SUSE bug 951638CVE-2015-7805SUSE Linux Enterprise Server 12
Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.
ModerateCVE-2015-7805SUSE bug 953516SUSE bug 953519CVE-2015-7830SUSE Linux Enterprise Server 12
The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying.
ModerateCVE-2015-7830SUSE bug 950437SUSE bug 960382CVE-2015-7835SUSE Linux Enterprise Server 12
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
ImportantCVE-2015-7835SUSE bug 940929SUSE bug 947159SUSE bug 950367CVE-2015-7848SUSE Linux Enterprise Server 12
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.
ModerateCVE-2015-7848SUSE bug 1010964SUSE bug 951608SUSE bug 959243CVE-2015-7849SUSE Linux Enterprise Server 12
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
ModerateCVE-2015-7849SUSE bug 1010964SUSE bug 951608SUSE bug 959243CVE-2015-7850SUSE Linux Enterprise Server 12
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
ModerateCVE-2015-7850SUSE bug 1010964SUSE bug 951608SUSE bug 959243CVE-2015-7851SUSE Linux Enterprise Server 12
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2015-7851SUSE bug 1010964SUSE bug 951608SUSE bug 959243CVE-2015-7852SUSE Linux Enterprise Server 12
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
ModerateCVE-2015-7852SUSE bug 1010964SUSE bug 951608SUSE bug 959243CVE-2015-7853SUSE Linux Enterprise Server 12
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
ModerateCVE-2015-7853SUSE bug 1010964SUSE bug 951608SUSE bug 959243CVE-2015-7854SUSE Linux Enterprise Server 12
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
ModerateCVE-2015-7854SUSE bug 1010964SUSE bug 951608SUSE bug 959243CVE-2015-7855SUSE Linux Enterprise Server 12
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
ModerateCVE-2015-7855SUSE bug 1010964SUSE bug 951608SUSE bug 959243CVE-2015-7871SUSE Linux Enterprise Server 12
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
ModerateCVE-2015-7871SUSE bug 1010964SUSE bug 951608SUSE bug 952606SUSE bug 959243CVE-2015-7872SUSE Linux Enterprise Server 12
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
ImportantCVE-2015-7872SUSE bug 951440SUSE bug 951542SUSE bug 951638SUSE bug 958463CVE-2015-7941SUSE Linux Enterprise Server 12
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.
LowCVE-2015-7941SUSE bug 1123919SUSE bug 951734SUSE bug 951735CVE-2015-7942SUSE Linux Enterprise Server 12
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
LowCVE-2015-7942SUSE bug 1123919SUSE bug 951735CVE-2015-7969SUSE Linux Enterprise Server 12
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.
ModerateCVE-2015-7969SUSE bug 950703SUSE bug 950705CVE-2015-7970SUSE Linux Enterprise Server 12
The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand.
ModerateCVE-2015-7970SUSE bug 950704CVE-2015-7971SUSE Linux Enterprise Server 12
Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.
ModerateCVE-2015-7971SUSE bug 950706CVE-2015-7972SUSE Linux Enterprise Server 12
The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure."
ModerateCVE-2015-7972SUSE bug 950704SUSE bug 951845CVE-2015-7973SUSE Linux Enterprise Server 12
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
ModerateCVE-2015-7973SUSE bug 959243SUSE bug 962995CVE-2015-7974SUSE Linux Enterprise Server 12
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
LowCVE-2015-7974SUSE bug 959243SUSE bug 962960SUSE bug 962995CVE-2015-7975SUSE Linux Enterprise Server 12
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).
LowCVE-2015-7975SUSE bug 959243SUSE bug 962988SUSE bug 962995CVE-2015-7976SUSE Linux Enterprise Server 12
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
LowCVE-2015-7976SUSE bug 962802SUSE bug 962995CVE-2015-7977SUSE Linux Enterprise Server 12
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
ModerateCVE-2015-7977SUSE bug 959243SUSE bug 962970SUSE bug 962995CVE-2015-7978SUSE Linux Enterprise Server 12
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
ModerateCVE-2015-7978SUSE bug 959243SUSE bug 962970SUSE bug 962995SUSE bug 963000CVE-2015-7979SUSE Linux Enterprise Server 12
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
ModerateCVE-2015-7979SUSE bug 959243SUSE bug 962784SUSE bug 962995SUSE bug 977459SUSE bug 982065CVE-2015-7981SUSE Linux Enterprise Server 12
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
ModerateCVE-2015-7981SUSE bug 952051SUSE bug 960402SUSE bug 963937CVE-2015-7990SUSE Linux Enterprise Server 12
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.
LowCVE-2015-7990SUSE bug 945825SUSE bug 952384SUSE bug 953052CVE-2015-8000SUSE Linux Enterprise Server 12
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
ModerateCVE-2015-8000SUSE bug 944066SUSE bug 958861CVE-2015-8023SUSE Linux Enterprise Server 12
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.
ImportantCVE-2015-8023SUSE bug 953817CVE-2015-8025SUSE Linux Enterprise Server 12
driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.
ModerateCVE-2015-8025SUSE bug 952062CVE-2015-8035SUSE Linux Enterprise Server 12
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
LowCVE-2015-8035SUSE bug 1088279SUSE bug 1105166SUSE bug 954429CVE-2015-8075SUSE Linux Enterprise Server 12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
ModerateCVE-2015-8075SUSE bug 953516SUSE bug 953519CVE-2015-8076SUSE Linux Enterprise Server 12
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
ModerateCVE-2015-8076SUSE bug 954200SUSE bug 954201SUSE bug 981670CVE-2015-8077SUSE Linux Enterprise Server 12
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
ModerateCVE-2015-8077SUSE bug 954200SUSE bug 954201SUSE bug 981670CVE-2015-8078SUSE Linux Enterprise Server 12
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
ModerateCVE-2015-8078SUSE bug 954201SUSE bug 981670CVE-2015-8104SUSE Linux Enterprise Server 12
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
ModerateCVE-2015-8104SUSE bug 953527SUSE bug 954018SUSE bug 954404SUSE bug 954405SUSE bug 962977CVE-2015-8126SUSE Linux Enterprise Server 12
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
ModerateCVE-2015-8126SUSE bug 954980SUSE bug 958198SUSE bug 960402SUSE bug 962743SUSE bug 963937SUSE bug 969333CVE-2015-8138SUSE Linux Enterprise Server 12
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
ModerateCVE-2015-8138SUSE bug 951608SUSE bug 959243SUSE bug 963002SUSE bug 974668SUSE bug 977446CVE-2015-8139SUSE Linux Enterprise Server 12
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
ModerateCVE-2015-8139SUSE bug 1010964SUSE bug 959243SUSE bug 962997CVE-2015-8140SUSE Linux Enterprise Server 12
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
ModerateCVE-2015-8140SUSE bug 1010964SUSE bug 959243SUSE bug 962994CVE-2015-8158SUSE Linux Enterprise Server 12
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
LowCVE-2015-8158SUSE bug 959243SUSE bug 962966CVE-2015-8241SUSE Linux Enterprise Server 12
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
ModerateCVE-2015-8241SUSE bug 1123919SUSE bug 956018SUSE bug 959469CVE-2015-8242SUSE Linux Enterprise Server 12
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
ModerateCVE-2015-8242SUSE bug 1123919SUSE bug 956021SUSE bug 959469CVE-2015-8317SUSE Linux Enterprise Server 12
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
ModerateCVE-2015-8317SUSE bug 1123919SUSE bug 956260SUSE bug 959469CVE-2015-8325SUSE Linux Enterprise Server 12
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
ModerateCVE-2015-8325SUSE bug 1016709SUSE bug 1138392SUSE bug 975865SUSE bug 996040CVE-2015-8327SUSE Linux Enterprise Server 12
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
ModerateCVE-2015-8327SUSE bug 1027197SUSE bug 957531CVE-2015-8339SUSE Linux Enterprise Server 12
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.
ModerateCVE-2015-8339SUSE bug 956408CVE-2015-8340SUSE Linux Enterprise Server 12
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.
ModerateCVE-2015-8340SUSE bug 956408CVE-2015-8341SUSE Linux Enterprise Server 12
The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.
ModerateCVE-2015-8341SUSE bug 956409CVE-2015-8345SUSE Linux Enterprise Server 12
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
ModerateCVE-2015-8345SUSE bug 956829SUSE bug 956832CVE-2015-8370SUSE Linux Enterprise Server 12
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
ModerateCVE-2015-8370SUSE bug 956631CVE-2015-8467SUSE Linux Enterprise Server 12
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.
ModerateCVE-2015-8467SUSE bug 958585CVE-2015-8472SUSE Linux Enterprise Server 12
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
ModerateCVE-2015-8472SUSE bug 954980SUSE bug 958198SUSE bug 960402SUSE bug 963937CVE-2015-8504SUSE Linux Enterprise Server 12
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
ModerateCVE-2015-8504SUSE bug 958491SUSE bug 958493CVE-2015-8539SUSE Linux Enterprise Server 12
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.
ImportantCVE-2015-8539SUSE bug 781018SUSE bug 958463SUSE bug 958601CVE-2015-8540SUSE Linux Enterprise Server 12
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
ModerateCVE-2015-8540SUSE bug 1149680SUSE bug 958791SUSE bug 963937CVE-2015-8543SUSE Linux Enterprise Server 12
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.
ModerateCVE-2015-8543SUSE bug 1052256SUSE bug 923755SUSE bug 958886SUSE bug 963994SUSE bug 969522CVE-2015-8550SUSE Linux Enterprise Server 12
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
ImportantCVE-2015-8550SUSE bug 1052256SUSE bug 957988CVE-2015-8551SUSE Linux Enterprise Server 12
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."
ModerateCVE-2015-8551SUSE bug 957990SUSE bug 990058CVE-2015-8552SUSE Linux Enterprise Server 12
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."
ModerateCVE-2015-8552SUSE bug 957990SUSE bug 990058CVE-2015-8554SUSE Linux Enterprise Server 12
Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path."
ModerateCVE-2015-8554SUSE bug 958007CVE-2015-8555SUSE Linux Enterprise Server 12
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.
LowCVE-2015-8555SUSE bug 958009CVE-2015-8558SUSE Linux Enterprise Server 12
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
LowCVE-2015-8558SUSE bug 959005SUSE bug 959006SUSE bug 976109SUSE bug 976111CVE-2015-8567SUSE Linux Enterprise Server 12
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
LowCVE-2015-8567SUSE bug 959386SUSE bug 959387CVE-2015-8568SUSE Linux Enterprise Server 12
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.
LowCVE-2015-8568SUSE bug 959386SUSE bug 959387CVE-2015-8569SUSE Linux Enterprise Server 12
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
LowCVE-2015-8569SUSE bug 923755SUSE bug 959190SUSE bug 959399SUSE bug 963994CVE-2015-8575SUSE Linux Enterprise Server 12
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
ModerateCVE-2015-8575SUSE bug 959190SUSE bug 959399CVE-2015-8605SUSE Linux Enterprise Server 12
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
ModerateCVE-2015-8605SUSE bug 961305CVE-2015-8613SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.
LowCVE-2015-8613SUSE bug 961358SUSE bug 961556CVE-2015-8619SUSE Linux Enterprise Server 12
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
LowCVE-2015-8619SUSE bug 960334SUSE bug 965269CVE-2015-8629SUSE Linux Enterprise Server 12
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
LowCVE-2015-8629SUSE bug 770172SUSE bug 963968CVE-2015-8630SUSE Linux Enterprise Server 12
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
LowCVE-2015-8630SUSE bug 963964CVE-2015-8631SUSE Linux Enterprise Server 12
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
ModerateCVE-2015-8631SUSE bug 963975CVE-2015-8704SUSE Linux Enterprise Server 12
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
ModerateCVE-2015-8704SUSE bug 962189SUSE bug 962190CVE-2015-8709SUSE Linux Enterprise Server 12
** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here."
ModerateCVE-2015-8709SUSE bug 1010933SUSE bug 959709SUSE bug 960561SUSE bug 960563CVE-2015-8710SUSE Linux Enterprise Server 12
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
ModerateCVE-2015-8710SUSE bug 1123919SUSE bug 960674CVE-2015-8711SUSE Linux Enterprise Server 12
epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
ModerateCVE-2015-8711SUSE bug 960382CVE-2015-8712SUSE Linux Enterprise Server 12
The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-8712SUSE bug 960382CVE-2015-8713SUSE Linux Enterprise Server 12
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
ModerateCVE-2015-8713SUSE bug 960382CVE-2015-8714SUSE Linux Enterprise Server 12
The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-8714SUSE bug 960382CVE-2015-8715SUSE Linux Enterprise Server 12
epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
ModerateCVE-2015-8715SUSE bug 960382CVE-2015-8716SUSE Linux Enterprise Server 12
The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-8716SUSE bug 960382CVE-2015-8717SUSE Linux Enterprise Server 12
The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-8717SUSE bug 960382CVE-2015-8718SUSE Linux Enterprise Server 12
Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-8718SUSE bug 960382CVE-2015-8719SUSE Linux Enterprise Server 12
The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-8719SUSE bug 960382CVE-2015-8720SUSE Linux Enterprise Server 12
The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-8720SUSE bug 960382CVE-2015-8721SUSE Linux Enterprise Server 12
Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.
ModerateCVE-2015-8721SUSE bug 960382CVE-2015-8722SUSE Linux Enterprise Server 12
epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
ModerateCVE-2015-8722SUSE bug 960382CVE-2015-8723SUSE Linux Enterprise Server 12
The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
ModerateCVE-2015-8723SUSE bug 960382CVE-2015-8724SUSE Linux Enterprise Server 12
The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
ModerateCVE-2015-8724SUSE bug 960382CVE-2015-8725SUSE Linux Enterprise Server 12
The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
ModerateCVE-2015-8725SUSE bug 960382CVE-2015-8726SUSE Linux Enterprise Server 12
wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
ModerateCVE-2015-8726SUSE bug 960382CVE-2015-8727SUSE Linux Enterprise Server 12
The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
ModerateCVE-2015-8727SUSE bug 960382CVE-2015-8728SUSE Linux Enterprise Server 12
The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.
ModerateCVE-2015-8728SUSE bug 960382CVE-2015-8729SUSE Linux Enterprise Server 12
The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
ModerateCVE-2015-8729SUSE bug 960382CVE-2015-8730SUSE Linux Enterprise Server 12
epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.
ModerateCVE-2015-8730SUSE bug 960382CVE-2015-8731SUSE Linux Enterprise Server 12
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
ModerateCVE-2015-8731SUSE bug 960382CVE-2015-8732SUSE Linux Enterprise Server 12
The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
ModerateCVE-2015-8732SUSE bug 960382CVE-2015-8733SUSE Linux Enterprise Server 12
The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
ModerateCVE-2015-8733SUSE bug 960382CVE-2015-8743SUSE Linux Enterprise Server 12
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.
ModerateCVE-2015-8743SUSE bug 960725SUSE bug 960726CVE-2015-8744SUSE Linux Enterprise Server 12
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
LowCVE-2015-8744SUSE bug 960835SUSE bug 960836CVE-2015-8745SUSE Linux Enterprise Server 12
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
LowCVE-2015-8745SUSE bug 960707SUSE bug 960708CVE-2015-8767SUSE Linux Enterprise Server 12
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
LowCVE-2015-8767SUSE bug 961509CVE-2015-8776SUSE Linux Enterprise Server 12
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
LowCVE-2015-8776SUSE bug 962736SUSE bug 986086CVE-2015-8777SUSE Linux Enterprise Server 12
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
LowCVE-2015-8777SUSE bug 950944SUSE bug 962735CVE-2015-8778SUSE Linux Enterprise Server 12
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
LowCVE-2015-8778SUSE bug 962737SUSE bug 986086CVE-2015-8779SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
ModerateCVE-2015-8779SUSE bug 962739SUSE bug 965453SUSE bug 986086CVE-2015-8785SUSE Linux Enterprise Server 12
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
LowCVE-2015-8785SUSE bug 963765CVE-2015-8803SUSE Linux Enterprise Server 12
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
ModerateCVE-2015-8803SUSE bug 964845CVE-2015-8804SUSE Linux Enterprise Server 12
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
ModerateCVE-2015-8804SUSE bug 964847CVE-2015-8805SUSE Linux Enterprise Server 12
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
ModerateCVE-2015-8805SUSE bug 964849CVE-2015-8806SUSE Linux Enterprise Server 12
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
ModerateCVE-2015-8806SUSE bug 963963SUSE bug 965283SUSE bug 981114CVE-2015-8812SUSE Linux Enterprise Server 12
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
ModerateCVE-2015-8812SUSE bug 966437SUSE bug 966683CVE-2015-8816SUSE Linux Enterprise Server 12
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.
ModerateCVE-2015-8816SUSE bug 968010SUSE bug 979064CVE-2015-8817SUSE Linux Enterprise Server 12
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.
ModerateCVE-2015-8817SUSE bug 969121SUSE bug 969122SUSE bug 969125SUSE bug 969126CVE-2015-8818SUSE Linux Enterprise Server 12
The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.
ModerateCVE-2015-8818SUSE bug 969122SUSE bug 969125SUSE bug 969126CVE-2015-8842SUSE Linux Enterprise Server 12
tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.
LowCVE-2015-8842SUSE bug 972612CVE-2015-8845SUSE Linux Enterprise Server 12
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
ModerateCVE-2015-8845SUSE bug 975531SUSE bug 975533SUSE bug 990058CVE-2015-8868SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
ModerateCVE-2015-8868SUSE bug 976844CVE-2015-8899SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
ModerateCVE-2015-8899SUSE bug 983273CVE-2016-0264SUSE Linux Enterprise Server 12
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
ModerateCVE-2016-0264SUSE bug 977648SUSE bug 979252CVE-2016-0363SUSE Linux Enterprise Server 12
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
ImportantCVE-2016-0363SUSE bug 977650SUSE bug 979252CVE-2016-0376SUSE Linux Enterprise Server 12
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
ImportantCVE-2016-0376SUSE bug 977646SUSE bug 977650SUSE bug 979252SUSE bug 981057SUSE bug 981060SUSE bug 981087CVE-2016-0402SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.
ImportantCVE-2016-0402SUSE bug 960402SUSE bug 962743SUSE bug 963937CVE-2016-0448SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.
ImportantCVE-2016-0448SUSE bug 960402SUSE bug 962743SUSE bug 963937CVE-2016-0466SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.
ImportantCVE-2016-0466SUSE bug 960402SUSE bug 962743SUSE bug 963937CVE-2016-0483SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.
ImportantCVE-2016-0483SUSE bug 960402SUSE bug 962743SUSE bug 963937CVE-2016-0494SUSE Linux Enterprise Server 12
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ImportantCVE-2016-0494SUSE bug 962743SUSE bug 963937CVE-2016-0505SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.
ModerateCVE-2016-0505SUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904CVE-2016-0546SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.
ImportantCVE-2016-0546SUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904CVE-2016-0596SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
ModerateCVE-2016-0596SUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904CVE-2016-0597SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
ModerateCVE-2016-0597SUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904CVE-2016-0598SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
ModerateCVE-2016-0598SUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904CVE-2016-0600SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
ModerateCVE-2016-0600SUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904CVE-2016-0606SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.
ModerateCVE-2016-0606SUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904CVE-2016-0608SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.
ModerateCVE-2016-0608SUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904CVE-2016-0609SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.
ModerateCVE-2016-0609SUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904CVE-2016-0616SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
ModerateCVE-2016-0616SUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904CVE-2016-0636SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
ImportantCVE-2016-0636SUSE bug 972468SUSE bug 979252CVE-2016-0640SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.
CriticalCVE-2016-0640SUSE bug 976341SUSE bug 980904CVE-2016-0641SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.
CriticalCVE-2016-0641SUSE bug 976341SUSE bug 980904CVE-2016-0642SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.
CriticalCVE-2016-0642SUSE bug 976341SUSE bug 980904CVE-2016-0643SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.
CriticalCVE-2016-0643SUSE bug 976341SUSE bug 980904CVE-2016-0644SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.
CriticalCVE-2016-0644SUSE bug 976341SUSE bug 980904CVE-2016-0646SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.
CriticalCVE-2016-0646SUSE bug 976341SUSE bug 980904CVE-2016-0647SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.
CriticalCVE-2016-0647SUSE bug 976341SUSE bug 980904CVE-2016-0648SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.
CriticalCVE-2016-0648SUSE bug 976341SUSE bug 980904CVE-2016-0649SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.
CriticalCVE-2016-0649SUSE bug 976341SUSE bug 980904CVE-2016-0650SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.
CriticalCVE-2016-0650SUSE bug 976341SUSE bug 980904CVE-2016-0651SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.
CriticalCVE-2016-0651SUSE bug 976341SUSE bug 980904CVE-2016-0655SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.
CriticalCVE-2016-0655SUSE bug 976341SUSE bug 980904CVE-2016-0666SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
CriticalCVE-2016-0666SUSE bug 976341SUSE bug 980904CVE-2016-0668SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
CriticalCVE-2016-0668SUSE bug 976341SUSE bug 980904CVE-2016-0686SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
ImportantCVE-2016-0686SUSE bug 976340SUSE bug 979252CVE-2016-0687SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.
ImportantCVE-2016-0687SUSE bug 976340SUSE bug 979252CVE-2016-0695SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
ImportantCVE-2016-0695SUSE bug 976340SUSE bug 979252CVE-2016-0702SUSE Linux Enterprise Server 12
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
ModerateCVE-2016-0702SUSE bug 1007806SUSE bug 968044SUSE bug 968050SUSE bug 971238SUSE bug 990370CVE-2016-0703SUSE Linux Enterprise Server 12
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
ModerateCVE-2016-0703SUSE bug 968044SUSE bug 968046SUSE bug 968051SUSE bug 986238CVE-2016-0704SUSE Linux Enterprise Server 12
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
ModerateCVE-2016-0704SUSE bug 968044SUSE bug 968053SUSE bug 986238CVE-2016-0705SUSE Linux Enterprise Server 12
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
CriticalCVE-2016-0705SUSE bug 968044SUSE bug 968047SUSE bug 971238SUSE bug 976341CVE-2016-0706SUSE Linux Enterprise Server 12
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
ModerateCVE-2016-0706SUSE bug 967815SUSE bug 988489CVE-2016-0714SUSE Linux Enterprise Server 12
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
ImportantCVE-2016-0714SUSE bug 967964CVE-2016-0718SUSE Linux Enterprise Server 12
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CriticalCVE-2016-0718SUSE bug 979441SUSE bug 991809CVE-2016-0723SUSE Linux Enterprise Server 12
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
ModerateCVE-2016-0723SUSE bug 961500CVE-2016-0728SUSE Linux Enterprise Server 12
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
ImportantCVE-2016-0728SUSE bug 923755SUSE bug 962075SUSE bug 962078SUSE bug 963994CVE-2016-0749SUSE Linux Enterprise Server 12
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
CriticalCVE-2016-0749SUSE bug 982385SUSE bug 982386CVE-2016-0755SUSE Linux Enterprise Server 12
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
ModerateCVE-2016-0755SUSE bug 962983CVE-2016-0758SUSE Linux Enterprise Server 12
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
ImportantCVE-2016-0758SUSE bug 979867SUSE bug 980856CVE-2016-0763SUSE Linux Enterprise Server 12
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
ModerateCVE-2016-0763SUSE bug 967966CVE-2016-0766SUSE Linux Enterprise Server 12
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
ImportantCVE-2016-0766SUSE bug 966435SUSE bug 966436SUSE bug 978323CVE-2016-0773SUSE Linux Enterprise Server 12
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
ImportantCVE-2016-0773SUSE bug 966435SUSE bug 966436SUSE bug 978323SUSE bug 983246SUSE bug 986409CVE-2016-0774SUSE Linux Enterprise Server 12
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
ModerateCVE-2016-0774SUSE bug 917839SUSE bug 964730SUSE bug 964732CVE-2016-0777SUSE Linux Enterprise Server 12
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
CriticalCVE-2016-0777SUSE bug 1087412SUSE bug 961642SUSE bug 996040CVE-2016-0778SUSE Linux Enterprise Server 12
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
ImportantCVE-2016-0778SUSE bug 1087412SUSE bug 961645SUSE bug 996040CVE-2016-0787SUSE Linux Enterprise Server 12
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
ModerateCVE-2016-0787SUSE bug 1149968SUSE bug 967026SUSE bug 968174SUSE bug 974691CVE-2016-0797SUSE Linux Enterprise Server 12
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
ImportantCVE-2016-0797SUSE bug 968044SUSE bug 968048SUSE bug 990370CVE-2016-0798SUSE Linux Enterprise Server 12
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
ImportantCVE-2016-0798SUSE bug 968044SUSE bug 968265CVE-2016-0799SUSE Linux Enterprise Server 12
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
CriticalCVE-2016-0799SUSE bug 968044SUSE bug 968374SUSE bug 969517SUSE bug 989345SUSE bug 990370SUSE bug 991722CVE-2016-0800SUSE Linux Enterprise Server 12
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
ModerateCVE-2016-0800SUSE bug 1106871SUSE bug 961377SUSE bug 968044SUSE bug 968046SUSE bug 968888SUSE bug 979060CVE-2016-1234SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
ModerateCVE-2016-1234SUSE bug 1020940SUSE bug 969727SUSE bug 988770SUSE bug 988782SUSE bug 989127CVE-2016-1285SUSE Linux Enterprise Server 12
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
ModerateCVE-2016-1285SUSE bug 970072SUSE bug 978322SUSE bug 981200CVE-2016-1286SUSE Linux Enterprise Server 12
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
ImportantCVE-2016-1286SUSE bug 970073SUSE bug 978322SUSE bug 981200CVE-2016-1521SUSE Linux Enterprise Server 12
The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.
ImportantCVE-2016-1521SUSE bug 965803SUSE bug 965806SUSE bug 965807SUSE bug 965810CVE-2016-1523SUSE Linux Enterprise Server 12
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.
ImportantCVE-2016-1523SUSE bug 965803SUSE bug 965806SUSE bug 965807SUSE bug 965810SUSE bug 967087CVE-2016-1526SUSE Linux Enterprise Server 12
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.
ImportantCVE-2016-1526SUSE bug 965803SUSE bug 965806SUSE bug 965807SUSE bug 965810SUSE bug 966438CVE-2016-1541SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
ImportantCVE-2016-1541SUSE bug 979005CVE-2016-1547SUSE Linux Enterprise Server 12
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
ModerateCVE-2016-1547SUSE bug 962784SUSE bug 977446SUSE bug 977459SUSE bug 982064SUSE bug 982065CVE-2016-1548SUSE Linux Enterprise Server 12
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.
ImportantCVE-2016-1548SUSE bug 959243SUSE bug 977446SUSE bug 977461SUSE bug 982068CVE-2016-1549SUSE Linux Enterprise Server 12
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.
ModerateCVE-2016-1549SUSE bug 1083424SUSE bug 977446SUSE bug 977451CVE-2016-1550SUSE Linux Enterprise Server 12
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
ModerateCVE-2016-1550SUSE bug 977446SUSE bug 977464CVE-2016-1551SUSE Linux Enterprise Server 12
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.
ModerateCVE-2016-1551SUSE bug 977446SUSE bug 977450CVE-2016-1568SUSE Linux Enterprise Server 12
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
ImportantCVE-2016-1568SUSE bug 961332SUSE bug 961333CVE-2016-1570SUSE Linux Enterprise Server 12
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.
ImportantCVE-2016-1570SUSE bug 960861CVE-2016-1571SUSE Linux Enterprise Server 12
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
ModerateCVE-2016-1571SUSE bug 960861SUSE bug 960862CVE-2016-1572SUSE Linux Enterprise Server 12
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
ModerateCVE-2016-1572SUSE bug 962052CVE-2016-1583SUSE Linux Enterprise Server 12
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
ImportantCVE-2016-1583SUSE bug 1052256SUSE bug 983143SUSE bug 983144SUSE bug 990058CVE-2016-1602SUSE Linux Enterprise Server 12
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
ImportantCVE-2016-1602SUSE bug 1063385SUSE bug 980670CVE-2016-1714SUSE Linux Enterprise Server 12
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.
ImportantCVE-2016-1714SUSE bug 961691SUSE bug 961692CVE-2016-1762SUSE Linux Enterprise Server 12
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
ModerateCVE-2016-1762SUSE bug 1123919SUSE bug 981040CVE-2016-1833SUSE Linux Enterprise Server 12
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
ImportantCVE-2016-1833SUSE bug 1123919SUSE bug 981108CVE-2016-1834SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
ImportantCVE-2016-1834SUSE bug 1123919SUSE bug 981041CVE-2016-1835SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
ImportantCVE-2016-1835SUSE bug 1123919SUSE bug 981109CVE-2016-1837SUSE Linux Enterprise Server 12
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
ImportantCVE-2016-1837SUSE bug 1123919SUSE bug 981111CVE-2016-1838SUSE Linux Enterprise Server 12
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
ImportantCVE-2016-1838SUSE bug 1123919SUSE bug 981112CVE-2016-1839SUSE Linux Enterprise Server 12
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
ModerateCVE-2016-1839SUSE bug 1039069SUSE bug 1039661SUSE bug 1069433SUSE bug 1069690SUSE bug 1123919SUSE bug 963963SUSE bug 981114CVE-2016-1840SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
ImportantCVE-2016-1840SUSE bug 1123919SUSE bug 981115CVE-2016-1908SUSE Linux Enterprise Server 12
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
LowCVE-2016-1908SUSE bug 1001712SUSE bug 1005738SUSE bug 1087412SUSE bug 1138392SUSE bug 962313SUSE bug 996040CVE-2016-1922SUSE Linux Enterprise Server 12
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue.
ModerateCVE-2016-1922SUSE bug 962320SUSE bug 962321CVE-2016-1930SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2016-1930SUSE bug 963520SUSE bug 963632CVE-2016-1935SUSE Linux Enterprise Server 12
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
ImportantCVE-2016-1935SUSE bug 963520SUSE bug 963635CVE-2016-1938SUSE Linux Enterprise Server 12
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
ModerateCVE-2016-1938SUSE bug 963731CVE-2016-1950SUSE Linux Enterprise Server 12
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
ImportantCVE-2016-1950SUSE bug 969894SUSE bug 970257SUSE bug 970377SUSE bug 970378SUSE bug 970379SUSE bug 970380SUSE bug 970381SUSE bug 970431SUSE bug 970433CVE-2016-1952SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2016-1952SUSE bug 969894CVE-2016-1953SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
ImportantCVE-2016-1953SUSE bug 969894CVE-2016-1954SUSE Linux Enterprise Server 12
The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.
ImportantCVE-2016-1954SUSE bug 969894CVE-2016-1957SUSE Linux Enterprise Server 12
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
ModerateCVE-2016-1957SUSE bug 969894CVE-2016-1958SUSE Linux Enterprise Server 12
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
ModerateCVE-2016-1958SUSE bug 969894CVE-2016-1960SUSE Linux Enterprise Server 12
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
ImportantCVE-2016-1960SUSE bug 969894CVE-2016-1961SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.
ImportantCVE-2016-1961SUSE bug 969894CVE-2016-1962SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.
CriticalCVE-2016-1962SUSE bug 969894CVE-2016-1964SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.
ImportantCVE-2016-1964SUSE bug 969894CVE-2016-1965SUSE Linux Enterprise Server 12
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
ModerateCVE-2016-1965SUSE bug 969894CVE-2016-1966SUSE Linux Enterprise Server 12
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.
ImportantCVE-2016-1966SUSE bug 969894CVE-2016-1974SUSE Linux Enterprise Server 12
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.
ImportantCVE-2016-1974SUSE bug 969894CVE-2016-1977SUSE Linux Enterprise Server 12
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
ImportantCVE-2016-1977SUSE bug 969894CVE-2016-1978SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
ImportantCVE-2016-1978SUSE bug 969894CVE-2016-1979SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
ImportantCVE-2016-1979SUSE bug 969894CVE-2016-1981SUSE Linux Enterprise Server 12
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS.
ModerateCVE-2016-1981SUSE bug 963782SUSE bug 963783CVE-2016-2047SUSE Linux Enterprise Server 12
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
ModerateCVE-2016-2047SUSE bug 963806SUSE bug 976341SUSE bug 980904CVE-2016-2053SUSE Linux Enterprise Server 12
The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.
ModerateCVE-2016-2053SUSE bug 963762SUSE bug 979074SUSE bug 990058CVE-2016-2069SUSE Linux Enterprise Server 12
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
ModerateCVE-2016-2069SUSE bug 870618SUSE bug 963767CVE-2016-2073SUSE Linux Enterprise Server 12
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.
ModerateCVE-2016-2073SUSE bug 963963CVE-2016-2105SUSE Linux Enterprise Server 12
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
ModerateCVE-2016-2105SUSE bug 1025347SUSE bug 977584SUSE bug 977614SUSE bug 978492SUSE bug 989902SUSE bug 990369SUSE bug 990370SUSE bug 991918CVE-2016-2106SUSE Linux Enterprise Server 12
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
LowCVE-2016-2106SUSE bug 1025347SUSE bug 977584SUSE bug 977615SUSE bug 978492SUSE bug 990369CVE-2016-2107SUSE Linux Enterprise Server 12
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
ModerateCVE-2016-2107SUSE bug 976942SUSE bug 977584SUSE bug 977616SUSE bug 978492SUSE bug 990369SUSE bug 990370CVE-2016-2108SUSE Linux Enterprise Server 12
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
ModerateCVE-2016-2108SUSE bug 1001502SUSE bug 1004499SUSE bug 1005878SUSE bug 1025347SUSE bug 977584SUSE bug 977617SUSE bug 978492SUSE bug 989345SUSE bug 996067CVE-2016-2109SUSE Linux Enterprise Server 12
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
ModerateCVE-2016-2109SUSE bug 1015243SUSE bug 1025347SUSE bug 976942SUSE bug 977584SUSE bug 978492SUSE bug 990369CVE-2016-2110SUSE Linux Enterprise Server 12
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.
ModerateCVE-2016-2110SUSE bug 1009711SUSE bug 973031SUSE bug 973033SUSE bug 973036SUSE bug 975276CVE-2016-2111SUSE Linux Enterprise Server 12
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
ModerateCVE-2016-2111SUSE bug 973032SUSE bug 975276CVE-2016-2112SUSE Linux Enterprise Server 12
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
ModerateCVE-2016-2112SUSE bug 973031SUSE bug 973033SUSE bug 975276CVE-2016-2113SUSE Linux Enterprise Server 12
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.
ImportantCVE-2016-2113SUSE bug 973031SUSE bug 973033SUSE bug 973034SUSE bug 975276CVE-2016-2115SUSE Linux Enterprise Server 12
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
ModerateCVE-2016-2115SUSE bug 973036SUSE bug 975276CVE-2016-2118SUSE Linux Enterprise Server 12
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
ImportantCVE-2016-2118SUSE bug 971965SUSE bug 975276CVE-2016-2143SUSE Linux Enterprise Server 12
The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.
ImportantCVE-2016-2143SUSE bug 970504SUSE bug 987099SUSE bug 993872CVE-2016-2150SUSE Linux Enterprise Server 12
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
ImportantCVE-2016-2150SUSE bug 982385SUSE bug 982386CVE-2016-2184SUSE Linux Enterprise Server 12
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
ModerateCVE-2016-2184SUSE bug 971125CVE-2016-2185SUSE Linux Enterprise Server 12
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
ModerateCVE-2016-2185SUSE bug 971124CVE-2016-2186SUSE Linux Enterprise Server 12
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
ModerateCVE-2016-2186SUSE bug 970958CVE-2016-2188SUSE Linux Enterprise Server 12
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
ModerateCVE-2016-2188SUSE bug 1067912SUSE bug 1132190SUSE bug 970956CVE-2016-2198SUSE Linux Enterprise Server 12
QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS.
ModerateCVE-2016-2198SUSE bug 964413SUSE bug 964415CVE-2016-2270SUSE Linux Enterprise Server 12
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.
ModerateCVE-2016-2270SUSE bug 965315CVE-2016-2271SUSE Linux Enterprise Server 12
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.
ModerateCVE-2016-2271SUSE bug 965317CVE-2016-2315SUSE Linux Enterprise Server 12
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
CriticalCVE-2016-2315SUSE bug 971328CVE-2016-2324SUSE Linux Enterprise Server 12
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
CriticalCVE-2016-2324SUSE bug 971328CVE-2016-2335SUSE Linux Enterprise Server 12
The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.
ImportantCVE-2016-2335SUSE bug 979823CVE-2016-2342SUSE Linux Enterprise Server 12
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.
ModerateCVE-2016-2342SUSE bug 970952CVE-2016-2384SUSE Linux Enterprise Server 12
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
ImportantCVE-2016-2384SUSE bug 966693SUSE bug 967773CVE-2016-2391SUSE Linux Enterprise Server 12
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
ModerateCVE-2016-2391SUSE bug 967012SUSE bug 967013SUSE bug 967101CVE-2016-2392SUSE Linux Enterprise Server 12
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.
ModerateCVE-2016-2392SUSE bug 967012SUSE bug 967090CVE-2016-2516SUSE Linux Enterprise Server 12
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.
ModerateCVE-2016-2516SUSE bug 0SUSE bug 977446SUSE bug 977452CVE-2016-2517SUSE Linux Enterprise Server 12
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.
ModerateCVE-2016-2517SUSE bug 0SUSE bug 977446SUSE bug 977455CVE-2016-2518SUSE Linux Enterprise Server 12
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
ModerateCVE-2016-2518SUSE bug 977446SUSE bug 977457CVE-2016-2519SUSE Linux Enterprise Server 12
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.
ModerateCVE-2016-2519SUSE bug 0SUSE bug 959243SUSE bug 977446SUSE bug 977458CVE-2016-2523SUSE Linux Enterprise Server 12
The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
ModerateCVE-2016-2523SUSE bug 968565CVE-2016-2530SUSE Linux Enterprise Server 12
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531.
ModerateCVE-2016-2530SUSE bug 968565CVE-2016-2531SUSE Linux Enterprise Server 12
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.
ModerateCVE-2016-2531SUSE bug 968565CVE-2016-2532SUSE Linux Enterprise Server 12
The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
ModerateCVE-2016-2532SUSE bug 968565CVE-2016-2538SUSE Linux Enterprise Server 12
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.
ImportantCVE-2016-2538SUSE bug 967969SUSE bug 968004CVE-2016-2774SUSE Linux Enterprise Server 12
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
ModerateCVE-2016-2774SUSE bug 969820CVE-2016-2782SUSE Linux Enterprise Server 12
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
ModerateCVE-2016-2782SUSE bug 961512SUSE bug 968670CVE-2016-2790SUSE Linux Enterprise Server 12
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.
ImportantCVE-2016-2790SUSE bug 969894CVE-2016-2791SUSE Linux Enterprise Server 12
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
ImportantCVE-2016-2791SUSE bug 969894CVE-2016-2792SUSE Linux Enterprise Server 12
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.
ImportantCVE-2016-2792SUSE bug 969894CVE-2016-2793SUSE Linux Enterprise Server 12
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
ImportantCVE-2016-2793SUSE bug 969894CVE-2016-2794SUSE Linux Enterprise Server 12
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
ImportantCVE-2016-2794SUSE bug 969894CVE-2016-2795SUSE Linux Enterprise Server 12
The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.
ImportantCVE-2016-2795SUSE bug 969894CVE-2016-2796SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
ImportantCVE-2016-2796SUSE bug 969894CVE-2016-2797SUSE Linux Enterprise Server 12
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.
ImportantCVE-2016-2797SUSE bug 969894CVE-2016-2798SUSE Linux Enterprise Server 12
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
ImportantCVE-2016-2798SUSE bug 969894CVE-2016-2799SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
ImportantCVE-2016-2799SUSE bug 969894CVE-2016-2800SUSE Linux Enterprise Server 12
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.
ImportantCVE-2016-2800SUSE bug 969894CVE-2016-2801SUSE Linux Enterprise Server 12
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.
ImportantCVE-2016-2801SUSE bug 969894CVE-2016-2802SUSE Linux Enterprise Server 12
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
ImportantCVE-2016-2802SUSE bug 969894CVE-2016-2805SUSE Linux Enterprise Server 12
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2016-2805SUSE bug 977333SUSE bug 977374CVE-2016-2807SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2016-2807SUSE bug 977333SUSE bug 977376CVE-2016-2808SUSE Linux Enterprise Server 12
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.
ImportantCVE-2016-2808SUSE bug 977333SUSE bug 977386CVE-2016-2814SUSE Linux Enterprise Server 12
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
ImportantCVE-2016-2814SUSE bug 977333SUSE bug 977381CVE-2016-2815SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2016-2815SUSE bug 983549SUSE bug 983638CVE-2016-2818SUSE Linux Enterprise Server 12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2016-2818SUSE bug 983549SUSE bug 983638CVE-2016-2819SUSE Linux Enterprise Server 12
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.
ImportantCVE-2016-2819SUSE bug 983549SUSE bug 983655CVE-2016-2821SUSE Linux Enterprise Server 12
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
ImportantCVE-2016-2821SUSE bug 983549SUSE bug 983653CVE-2016-2822SUSE Linux Enterprise Server 12
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
ModerateCVE-2016-2822SUSE bug 983549SUSE bug 983652CVE-2016-2824SUSE Linux Enterprise Server 12
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.
ImportantCVE-2016-2824SUSE bug 983549SUSE bug 983651CVE-2016-2828SUSE Linux Enterprise Server 12
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
ImportantCVE-2016-2828SUSE bug 983549SUSE bug 983646CVE-2016-2831SUSE Linux Enterprise Server 12
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
ImportantCVE-2016-2831SUSE bug 983549SUSE bug 983632SUSE bug 983643CVE-2016-2834SUSE Linux Enterprise Server 12
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
ImportantCVE-2016-2834SUSE bug 983549SUSE bug 983639CVE-2016-2841SUSE Linux Enterprise Server 12
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.
ModerateCVE-2016-2841SUSE bug 969350SUSE bug 969351CVE-2016-2847SUSE Linux Enterprise Server 12
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
ModerateCVE-2016-2847SUSE bug 970948SUSE bug 974646CVE-2016-2851SUSE Linux Enterprise Server 12
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
CriticalCVE-2016-2851SUSE bug 969785CVE-2016-2857SUSE Linux Enterprise Server 12
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
ModerateCVE-2016-2857SUSE bug 970037CVE-2016-2858SUSE Linux Enterprise Server 12
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
ModerateCVE-2016-2858SUSE bug 970036CVE-2016-3075SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
ImportantCVE-2016-3075SUSE bug 973164CVE-2016-3115SUSE Linux Enterprise Server 12
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
ModerateCVE-2016-3115SUSE bug 1005738SUSE bug 1087412SUSE bug 1138392SUSE bug 970632SUSE bug 992296SUSE bug 996040CVE-2016-3119SUSE Linux Enterprise Server 12
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
ModerateCVE-2016-3119SUSE bug 971942CVE-2016-3134SUSE Linux Enterprise Server 12
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
ModerateCVE-2016-3134SUSE bug 1052256SUSE bug 971126SUSE bug 971793SUSE bug 986362SUSE bug 986365CVE-2016-3136SUSE Linux Enterprise Server 12
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
ModerateCVE-2016-3136SUSE bug 970955CVE-2016-3137SUSE Linux Enterprise Server 12
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
ModerateCVE-2016-3137SUSE bug 970970CVE-2016-3138SUSE Linux Enterprise Server 12
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
ModerateCVE-2016-3138SUSE bug 970911SUSE bug 970970CVE-2016-3139SUSE Linux Enterprise Server 12
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
ModerateCVE-2016-3139SUSE bug 970909CVE-2016-3140SUSE Linux Enterprise Server 12
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
ModerateCVE-2016-3140SUSE bug 970892CVE-2016-3156SUSE Linux Enterprise Server 12
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
ModerateCVE-2016-3156SUSE bug 971360CVE-2016-3190SUSE Linux Enterprise Server 12
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
ImportantCVE-2016-3190SUSE bug 971964CVE-2016-3422SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.
ImportantCVE-2016-3422SUSE bug 976340SUSE bug 979252CVE-2016-3425SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.
ImportantCVE-2016-3425SUSE bug 976340SUSE bug 979252CVE-2016-3426SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
ImportantCVE-2016-3426SUSE bug 976340SUSE bug 979252CVE-2016-3427SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
ImportantCVE-2016-3427SUSE bug 1011805SUSE bug 976340SUSE bug 979252CVE-2016-3443SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.
ImportantCVE-2016-3443SUSE bug 976340SUSE bug 979252CVE-2016-3449SUSE Linux Enterprise Server 12
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.
ImportantCVE-2016-3449SUSE bug 976340SUSE bug 979252CVE-2016-3627SUSE Linux Enterprise Server 12
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
ImportantCVE-2016-3627SUSE bug 1026099SUSE bug 1026101SUSE bug 1123919SUSE bug 972335SUSE bug 975947CVE-2016-3672SUSE Linux Enterprise Server 12
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
ImportantCVE-2016-3672SUSE bug 974308SUSE bug 990058CVE-2016-3689SUSE Linux Enterprise Server 12
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
ModerateCVE-2016-3689SUSE bug 971628CVE-2016-3705SUSE Linux Enterprise Server 12
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
ImportantCVE-2016-3705SUSE bug 1017497SUSE bug 1123919SUSE bug 975947CVE-2016-3706SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
ImportantCVE-2016-3706SUSE bug 980483SUSE bug 997423CVE-2016-3710SUSE Linux Enterprise Server 12
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
ImportantCVE-2016-3710SUSE bug 978158SUSE bug 978164SUSE bug 978167CVE-2016-3712SUSE Linux Enterprise Server 12
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
ModerateCVE-2016-3712SUSE bug 978160SUSE bug 978164SUSE bug 978167CVE-2016-3714SUSE Linux Enterprise Server 12
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
ImportantCVE-2016-3714SUSE bug 1057163SUSE bug 1105592SUSE bug 978061SUSE bug 982178CVE-2016-3715SUSE Linux Enterprise Server 12
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
ModerateCVE-2016-3715SUSE bug 1057163SUSE bug 1105592SUSE bug 978061CVE-2016-3716SUSE Linux Enterprise Server 12
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
ModerateCVE-2016-3716SUSE bug 1057163SUSE bug 1105592SUSE bug 978061CVE-2016-3717SUSE Linux Enterprise Server 12
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
ModerateCVE-2016-3717SUSE bug 1057163SUSE bug 1105592SUSE bug 978061CVE-2016-3718SUSE Linux Enterprise Server 12
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
ModerateCVE-2016-3718SUSE bug 1057163SUSE bug 1105592SUSE bug 978061CVE-2016-3951SUSE Linux Enterprise Server 12
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
ModerateCVE-2016-3951SUSE bug 974418CVE-2016-3977SUSE Linux Enterprise Server 12
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
ModerateCVE-2016-3977SUSE bug 974847CVE-2016-4001SUSE Linux Enterprise Server 12
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
ModerateCVE-2016-4001SUSE bug 975128SUSE bug 975130CVE-2016-4002SUSE Linux Enterprise Server 12
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.
CriticalCVE-2016-4002SUSE bug 975136SUSE bug 975138CVE-2016-4008SUSE Linux Enterprise Server 12
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
ModerateCVE-2016-4008SUSE bug 982779CVE-2016-4020SUSE Linux Enterprise Server 12
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
LowCVE-2016-4020SUSE bug 975700SUSE bug 975907CVE-2016-4037SUSE Linux Enterprise Server 12
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.
LowCVE-2016-4037SUSE bug 959005SUSE bug 959006SUSE bug 976109SUSE bug 976111CVE-2016-4049SUSE Linux Enterprise Server 12
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.
ModerateCVE-2016-4049SUSE bug 977012CVE-2016-4429SUSE Linux Enterprise Server 12
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
ModerateCVE-2016-4429SUSE bug 1081556SUSE bug 980854CVE-2016-4439SUSE Linux Enterprise Server 12
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.
ImportantCVE-2016-4439SUSE bug 980711SUSE bug 980716CVE-2016-4441SUSE Linux Enterprise Server 12
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.
ModerateCVE-2016-4441SUSE bug 980723SUSE bug 980724CVE-2016-4447SUSE Linux Enterprise Server 12
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
ImportantCVE-2016-4447SUSE bug 1123919SUSE bug 981548CVE-2016-4448SUSE Linux Enterprise Server 12
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CriticalCVE-2016-4448SUSE bug 1010299SUSE bug 1123919SUSE bug 981549CVE-2016-4449SUSE Linux Enterprise Server 12
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
ImportantCVE-2016-4449SUSE bug 1123919SUSE bug 981550CVE-2016-4482SUSE Linux Enterprise Server 12
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
ModerateCVE-2016-4482SUSE bug 978401SUSE bug 978445CVE-2016-4483SUSE Linux Enterprise Server 12
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
LowCVE-2016-4483SUSE bug 1026101SUSE bug 1123919SUSE bug 978395CVE-2016-4486SUSE Linux Enterprise Server 12
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
LowCVE-2016-4486SUSE bug 978822SUSE bug 990058CVE-2016-4565SUSE Linux Enterprise Server 12
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
ImportantCVE-2016-4565SUSE bug 979548SUSE bug 980363SUSE bug 980883SUSE bug 990058CVE-2016-4569SUSE Linux Enterprise Server 12
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
LowCVE-2016-4569SUSE bug 979213SUSE bug 979879SUSE bug 990058CVE-2016-4574SUSE Linux Enterprise Server 12
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.
ImportantCVE-2016-4574SUSE bug 1135436SUSE bug 979261CVE-2016-4578SUSE Linux Enterprise Server 12
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
ModerateCVE-2016-4578SUSE bug 1052256SUSE bug 979879SUSE bug 990058CVE-2016-4579SUSE Linux Enterprise Server 12
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
ImportantCVE-2016-4579SUSE bug 1135436SUSE bug 979906CVE-2016-4805SUSE Linux Enterprise Server 12
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
ImportantCVE-2016-4805SUSE bug 980371SUSE bug 990058CVE-2016-4952SUSE Linux Enterprise Server 12
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.
ModerateCVE-2016-4952SUSE bug 981266SUSE bug 981276CVE-2016-4953SUSE Linux Enterprise Server 12
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
ModerateCVE-2016-4953SUSE bug 962784SUSE bug 977459SUSE bug 982056SUSE bug 982065CVE-2016-4954SUSE Linux Enterprise Server 12
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
ModerateCVE-2016-4954SUSE bug 982056SUSE bug 982066CVE-2016-4955SUSE Linux Enterprise Server 12
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
ModerateCVE-2016-4955SUSE bug 982056SUSE bug 982067CVE-2016-4956SUSE Linux Enterprise Server 12
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
ModerateCVE-2016-4956SUSE bug 977461SUSE bug 982056SUSE bug 982068CVE-2016-4957SUSE Linux Enterprise Server 12
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
ImportantCVE-2016-4957SUSE bug 977459SUSE bug 982056SUSE bug 982064CVE-2016-4997SUSE Linux Enterprise Server 12
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
ImportantCVE-2016-4997SUSE bug 986362SUSE bug 986365SUSE bug 986377SUSE bug 990058SUSE bug 991651CVE-2016-5104SUSE Linux Enterprise Server 12
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
ModerateCVE-2016-5104SUSE bug 982014CVE-2016-5118SUSE Linux Enterprise Server 12
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CriticalCVE-2016-5118SUSE bug 982178CVE-2016-5244SUSE Linux Enterprise Server 12
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
ModerateCVE-2016-5244SUSE bug 983213SUSE bug 990058cluster-md-kmp-defaultdlm-kmp-defaultgfs2-kmp-defaultocfs2-kmp-defaultsle-ha-releasecorosynccorosync-qdevicecorosync-qnetdcorosync-testagentslibcfg6libcmap4libcorosync-devellibcorosync_common4libcpg4libquorum5libsam4libtotem_pg5libvotequorum8ctdbfence-agentsfence-agents-develhaproxylibpacemaker-devellibpacemaker3pacemakerpacemaker-clipacemaker-ctspacemaker-remoteruby2.5-rubygem-actionpack-5_1ruby2.5-rubygem-actionview-5_1ruby2.5-rubygem-loofahruby2.5-rubygem-nokogiriruby2.5-rubygem-rackruby2.5-rubygem-rails-html-sanitizerruby2.5-rubygem-railties-5_1ruby2.5-rubygem-activejob-5_1ruby2.5-rubygem-sprocketsaaa_baseaaa_base-extrassle-module-basesystem-releasealsaalsa-devellibasound2libasound2-32bitapache-commons-httpclientapparmor-abstractionsapparmor-docsapparmor-parserapparmor-parser-langapparmor-profilesapparmor-utilsapparmor-utils-langpam_apparmorpam_apparmor-32bitperl-apparmorpython3-apparmorapr-devellibapr1apr-util-devellibapr-util1audit-devellibaudit1libaudit1-32bitlibauparse0augeasaugeas-develaugeas-lenseslibaugeas0autofsautomakem4avahiavahi-compat-howl-develavahi-compat-mDNSResponder-develavahi-langavahi-utilslibavahi-client3libavahi-common3libavahi-core7libavahi-devellibdns_sdlibhowl0bashbash-develbash-docbash-langlibreadline7readline-develreadline-docbind-develbind-utilslibbind9-160libdns169libirs-devellibirs160libisc166libisccc160libisccfg160liblwres160python3-bindbinutilsbinutils-develbzip2libbz2-1libbz2-1-32bitlibbz2-develc-ares-devellibcares2cairo-devellibcairo-gobject2libcairo-script-interpreter2libcairo2ceph-commonlibcephfs-devellibcephfs2librados-devellibrados2libradosstriper-devellibradosstriper1librbd-devellibrbd1librgw-devellibrgw2python3-cephfspython3-radospython3-rbdpython3-rgwrados-objclass-develchronycifs-utilscifs-utils-develclamavclamav-devellibclamav7libclammspack0conntrack-toolscoreutilscoreutils-langcpiocpio-langcpio-mtcracklibcracklib-develcracklib-dict-smalllibcrack2libcrack2-32bitcroncroniecupscups-clientcups-configcups-devellibcups2libcupscgi1libcupsimage2libcupsmime1libcupsppdc1cups-filterscups-filters-develcurllibcurl-devellibcurl4libcurl4-32bitcyrus-saslcyrus-sasl-32bitcyrus-sasl-crammd5cyrus-sasl-crammd5-32bitcyrus-sasl-develcyrus-sasl-digestmd5cyrus-sasl-digestmd5-32bitcyrus-sasl-gssapicyrus-sasl-gssapi-32bitcyrus-sasl-otpcyrus-sasl-plaincyrus-sasl-plain-32bitcyrus-sasl-saslauthdlibsasl2-3libsasl2-3-32bitdbus-1dbus-1-develdbus-1-x11libdbus-1-3libdbus-1-3-32bitdbus-1-glibdbus-1-glib-32bitdbus-1-glib-develdbus-1-glib-tooldhcpdhcp-clientdhcp-develdnsmasqdracutdracut-fipsdracut-imadstatecryptfs-utilsecryptfs-utils-devellibecryptfs1elfutilselfutils-langlibasm-devellibasm1libdw-devellibdw1libdw1-32bitlibebl-devellibebl-pluginslibebl-plugins-32bitlibelf-devellibelf1libelf1-32bitemacsemacs-elemacs-infoemacs-noxetagsenscriptexpatlibexpat-devellibexpat1libexpat1-32bitfetchmailfilefile-develfile-magiclibmagic1libmagic1-32bitfirewall-macrosfirewalldfirewalld-langpython3-firewallflac-devellibFLAC++6libFLAC8freetype2-devellibfreetype6libfreetype6-32bitfusefuse-develfuse-doclibfuse2libulockmgr1gc-devellibgc1gdk-pixbuf-develgdk-pixbuf-langgdk-pixbuf-query-loadersgdk-pixbuf-thumbnailerlibgdk_pixbuf-2_0-0typelib-1_0-GdkPixbuf-2_0gdk-pixbuf-loader-rsvglibrsvg-2-2ghostscriptghostscript-develghostscript-x11giflib-devellibgif7git-coreglib2-develglib2-langglib2-toolslibgio-2_0-0libgio-2_0-0-32bitlibglib-2_0-0libglib-2_0-0-32bitlibgmodule-2_0-0libgmodule-2_0-0-32bitlibgobject-2_0-0libgobject-2_0-0-32bitlibgthread-2_0-0glibcglibc-32bitglibc-develglibc-extraglibc-i18ndataglibc-infoglibc-localeglibc-locale-32bitglibc-profilenscdgnutlslibgnutls-devellibgnutls30libgnutlsxx-devellibgnutlsxx28gpg2gpg2-langgpgmelibgpgme-devellibgpgme11libgpgmepp-devellibgpgmepp6libqgpgme-devellibqgpgme7graphite2-devellibgraphite2-3libgraphite2-3-32bitgrepgrep-langgroffgroff-fullgxditviewgrub2grub2-i386-pcgrub2-snapper-plugingrub2-systemd-sleep-plugingrub2-x86_64-efigstreamergstreamer-langlibgstreamer-1_0-0gstreamer-plugins-goodgstreamer-plugins-good-langgtk2-develgtk2-langgtk2-toolslibgtk-2_0-0typelib-1_0-Gtk-2_0gziphardlinkhplip-develhplip-hpijshplip-sanehyper-vipsec-toolsiputilsjava-10-openjdkjava-10-openjdk-demojava-10-openjdk-develjava-10-openjdk-headlesskbdkbd-legacykdumpkernel-defaultkernel-default-develkernel-develkernel-macroskernel-firmwareucode-amdkrb5krb5-32bitkrb5-clientkrb5-develkrb5-plugin-preauth-otpkrb5-plugin-preauth-pkinitldns-devellibldns2lesslftplibFS-devellibFS6libHX-devellibHX28libHX28-32bitlibICE-devellibICE6libQt5Concurrent-devellibQt5Concurrent5libQt5Core-devellibQt5Core-private-headers-devellibQt5Core5libQt5DBus-devellibQt5DBus-private-headers-devellibQt5DBus5libQt5Gui-devellibQt5Gui-private-headers-devellibQt5Gui5libQt5KmsSupport-devel-staticlibQt5KmsSupport-private-headers-devellibQt5Network-devellibQt5Network-private-headers-devellibQt5Network5libQt5OpenGL-devellibQt5OpenGL-private-headers-devellibQt5OpenGL5libQt5PlatformHeaders-devellibQt5PlatformSupport-devel-staticlibQt5PlatformSupport-private-headers-devellibQt5PrintSupport-devellibQt5PrintSupport-private-headers-devellibQt5PrintSupport5libQt5Sql-devellibQt5Sql-private-headers-devellibQt5Sql5libQt5Sql5-sqlitelibQt5Test-devellibQt5Test-private-headers-devellibQt5Test5libQt5Widgets-devellibQt5Widgets-private-headers-devellibQt5Widgets5libQt5Xml-devellibQt5Xml5libqt5-qtbase-common-devellibqt5-qtbase-devellibqt5-qtbase-private-headers-devellibX11-6libX11-6-32bitlibX11-datalibX11-devellibX11-xcb1libX11-xcb1-32bitlibXRes1libXres-devellibXcursor-devellibXcursor1libXdmcp-devellibXdmcp6libXext-devellibXext6libXext6-32bitlibXfixes-devellibXfixes3libXfixes3-32bitlibXfont-devellibXfont1libXfont2-2libXfont2-devellibXi-devellibXi6libXinerama-devellibXinerama1libXp-devellibXp6libXrandr-devellibXrandr2libXrender-devellibXrender1libXrender1-32bitlibXt-devellibXt6libXtst-devellibXtst6libXtst6-32bitlibXv-devellibXv1libXvMC-devellibXvMC1libXvnc1tigervncxorg-x11-Xvncxorg-x11-Xvnc-novnclibXxf86dga-devellibXxf86dga1libXxf86vm-devellibXxf86vm1libXxf86vm1-32bitlibarchive-devellibarchive13libblkid-devellibblkid-devel-staticlibblkid1libblkid1-32bitlibfdisk-devellibfdisk1libmount-devellibmount1libmount1-32bitlibsmartcols-devellibsmartcols1libuuid-devellibuuid-devel-staticlibuuid1libuuid1-32bitutil-linuxutil-linux-langutil-linux-systemdlibbluetooth3libcolord2libcrocolibcroco-0_6-3libcroco-0_6-3-32bitlibcroco-devellibdcerpc-binding0libdcerpc-devellibdcerpc-samr-devellibdcerpc-samr0libdcerpc0libndr-devellibndr-krb5pac-devellibndr-krb5pac0libndr-nbt-devellibndr-nbt0libndr-standard-devellibndr-standard0libndr0libnetapi-devellibnetapi0libsamba-credentials-devellibsamba-credentials0libsamba-errors-devellibsamba-errors0libsamba-hostconfig-devellibsamba-hostconfig0libsamba-passdb-devellibsamba-passdb0libsamba-policy-devellibsamba-policy0libsamba-util-devellibsamba-util0libsamdb-devellibsamdb0libsmbclient-devellibsmbclient0libsmbconf-devellibsmbconf0libsmbldap-devellibsmbldap2libtevent-util-devellibtevent-util0libwbclient-devellibwbclient0sambasamba-clientsamba-core-develsamba-libssamba-winbindlibdmx-devellibdmx1libevent-2_1-8libevent-devellibfreebl3libfreebl3-32bitlibsoftokn3libsoftokn3-32bitmozilla-nssmozilla-nss-32bitmozilla-nss-certsmozilla-nss-certs-32bitmozilla-nss-develmozilla-nss-sysinitmozilla-nss-toolslibgcrypt-devellibgcrypt20libgcrypt20-32bitlibgcrypt20-hmaclibgcrypt20-hmac-32bitlibgd3libgstgl-1_0-0libgstphotography-1_0-0libgtk-vnc-2_0-0libgvnc-1_0-0libhogweed4libnettle-devellibnettle6libical2libidn-devellibidn11libidn2-0libidn2-0-32bitlibidn2-devellibipa_hbac-devellibipa_hbac0libsss_certmap-devellibsss_certmap0libsss_idmap-devellibsss_idmap0libsss_nss_idmap-devellibsss_nss_idmap0libsss_simpleifp-devellibsss_simpleifp0python3-sssd-configsssdsssd-32bitsssd-adsssd-ipasssd-krb5sssd-krb5-commonsssd-ldapsssd-proxysssd-toolssssd-wbclientsssd-wbclient-devellibjansson-devellibjansson4libjasper4libjavascriptcoregtk-4_0-18libwebkit2gtk-4_0-37libwebkit2gtk3-langwebkit2gtk-4_0-injected-bundleslibjbig-devellibjbig2libjpeg62libjpeg62-devellibjpeg8libjpeg8-devellibturbojpeg0libjson-c-devellibjson-c3libjson-c3-32bitlibksba-devellibksba8libldap-2_4-2libldap-2_4-2-32bitopenldap2-clientopenldap2-developenldap2-devel-staticlibldb-devellibldb1python-ldbpython-ldb-develpython3-ldbpython3-ldb-devellibltdl7libtoolliblzo2-2lzo-devellzo-devel-staticlibminizip1libz1libz1-32bitminizip-develzlib-develzlib-devel-staticlibmpfr6mpfr-devellibmspack-devellibmspack0libneon-devellibneon27libnewt0_52newtpython3-newtlibnghttp2-14libnghttp2-14-32bitlibnghttp2-devellibnghttp2_asio-devellibnghttp2_asio1libnm0typelib-1_0-NM-1_0liboath0oath-toolkit-xmllibopenjp2-7openjpeg2openjpeg2-devellibopenssl-1_1-devellibopenssl1_1libopenssl1_1-32bitlibopenssl1_1-hmaclibopenssl1_1-hmac-32bitopenssl-1_1libopenssl-developenssllibopus0libpainter0librfxencode0xrdpxrdp-devellibpango-1_0-0pango-develtypelib-1_0-Pango-1_0libpcre1libpcre1-32bitlibpcre16-0libpcrecpp0libpcrecpp0-32bitlibpcreposix0pcre-develpcre-toolslibpcre2-16-0libpcre2-32-0libpcre2-8-0libpcsclite1libpcscspy0pcsc-litepcsc-lite-devellibpng12-0libpng12-devellibpng16-16libpng16-16-32bitlibpng16-compat-devellibpng16-devellibpolkit0polkitpolkit-develtypelib-1_0-Polkit-1_0libpoppler-cpp0libpoppler-devellibpoppler-glib-devellibpoppler-glib8libpoppler73poppler-toolstypelib-1_0-Poppler-0_18libpq5postgresql10libproxy-devellibproxy1libpulse-devellibpulse-mainloop-glib0libpulse0libpython2_7-1_0python-basepython-develpython-xmllibpython3_6m1_0python3-basepython3-develpython3-idlelibqpdf21qpdfqpdf-devellibrrd8rrdtoolrrdtool-devellibrsync-devellibrsync2libserf-1-1libserf-devellibsha1detectcoll-devellibsha1detectcoll1libsmilibsmi2libsndfile-devellibsndfile1libsnmp30net-snmpnet-snmp-develperl-SNMPsnmp-mibslibsoup-2_4-1libsoup-langlibspice-client-glib-2_0-8libspice-client-glib-helperlibspice-client-gtk-3_0-5libspice-controller0libsqlite3-0libsqlite3-0-32bitsqlite3sqlite3-devellibssh-devellibssh4libssh4-32bitlibssh2-1libssh2-devellibsystemd0libsystemd0-32bitlibudev-devellibudev1libudev1-32bitsystemdsystemd-32bitsystemd-bash-completionsystemd-containersystemd-coredumpsystemd-develsystemd-sysvinitudevlibtag1libtasn1libtasn1-6libtasn1-devellibthai-datalibthai0libtiff-devellibtiff5libudisks2-0typelib-1_0-UDisks-2_0udisks2udisks2-develudisks2-langlibunbound2unbound-anchorunbound-devellibunwindlibunwind-devellibvirt-libslibvmtools-devellibvmtools0open-vm-toolslibvorbis-devellibvorbis0libvorbisenc2libvorbisfile3libvpx4libwavpack1libwireshark9libwiretap7libwscodecs1libwsutil8wiresharklibxcb-composite0libxcb-damage0libxcb-devellibxcb-devel-doclibxcb-dpms0libxcb-dri2-0libxcb-dri2-0-32bitlibxcb-dri3-0libxcb-dri3-0-32bitlibxcb-glx0libxcb-glx0-32bitlibxcb-present0libxcb-present0-32bitlibxcb-randr0libxcb-record0libxcb-render0libxcb-res0libxcb-screensaver0libxcb-shape0libxcb-shm0libxcb-sync1libxcb-sync1-32bitlibxcb-xf86dri0libxcb-xfixes0libxcb-xfixes0-32bitlibxcb-xinerama0libxcb-xinput0libxcb-xkb1libxcb-xtest0libxcb-xv0libxcb-xvmc0libxcb1libxcb1-32bitlibxerces-c-3_1libxerces-c-devellibxml2-2libxml2-2-32bitlibxml2-devellibxml2-toolslibxslt-devellibxslt-toolslibxslt1libyaml-0-2libyaml-devellibzip-devellibzip5libzmq5zeromq-devellibzypplibzypp-devellibzzip-0-13zziplib-devellogrotatemailxminicomminicom-langmozilla-nsprmozilla-nspr-32bitmozilla-nspr-develmuttmutt-docmutt-langopenscopenslpopenslp-32bitopenslp-developensshopenssh-helpersopenvpnopenvpn-auth-pam-pluginopenvpn-developie-32bitp7zippampam-32bitpam-develpam-docpam_krb5pam_krb5-32bitpam_sshpam_ssh-32bitpam_yubicopcsc-ccidperlperl-baseperl-base-32bitperl-DBD-mysqlperl-HTML-Parserperl-LWP-Protocol-httpsperl-XML-LibXMLpolicycoreutilspolicycoreutils-langpolicycoreutils-newrolepostgresqlprocmailpythonpython-cursespython-gdbmpython2-Jinja2python3-Jinja2python2-bottlepython2-libxml2-pythonpython3-libxml2-pythonpython2-numpypython2-numpy-develpython3-numpypython3-numpy-develpython2-paramikopython2-pippython3-pippython2-pyOpenSSLpython3-pyOpenSSLpython2-pycryptopython3-pycryptopython2-pywbempython2-requestspython3-requestspython2-saltpython3-saltsaltsalt-bash-completionsalt-docsalt-minionsalt-zsh-completionpython2-urllib3python3-urllib3python3python3-cursespython3-dbmpython3-tkqemu-toolsradvdrpcbindrsyncrsyslogrzszscreenshadowsharutilssharutils-langshimsquashfsstrongswanstrongswan-docstrongswan-hmacstrongswan-ipsecstrongswan-libs0subversionsubversion-develsudosudo-develsysconfigsysconfig-netconfigsyslog-servicesysvinit-toolswhoistartar-langtar-rmttboottcpdumptftptpm2.0-toolsucode-intelunixODBCunixODBC-develunzipupdate-alternativesvimvim-datavim-data-commonw3mwgetwpa_supplicantxdg-utilsxen-libsxen-tools-domUxf86-video-intelxorg-x11xorg-x11-essentialsxrdbxorg-x11-develxorg-x11-libsxorg-x11-serverxorg-x11-server-extraxscreensaverxscreensaver-dataxscreensaver-langyast2yast2-coreyast2-core-develyast2-usersyubikey-managerzoozypperzypper-logamavisd-newamavisd-new-docslibavahi-client3-32bitlibavahi-common3-32bitaxisbtrfsmaintenancelibradospp-develpython3-ceph-argparselibcups2-32bite2fsprogse2fsprogs-devellibcom_err-devellibcom_err-devel-staticlibcom_err2libcom_err2-32bitlibext2fs-devellibext2fs-devel-staticlibext2fs2g3utilsmgettyglibc-locale-baselibgnutls30-32bitgrub2-powerpc-ieee1275grub2-s390x-emujava-11-openjdkjava-11-openjdk-demojava-11-openjdk-develjava-11-openjdk-headlessjqlibjq-devellibjq1kernel-default-basekernel-default-mankernel-zfcpdumpxorg-x11-Xvnc-modulelibcaca-devellibcaca0libcaca0-pluginslibdcerpc-binding0-32bitlibdcerpc0-32bitlibndr-krb5pac0-32bitlibndr-nbt0-32bitlibndr-standard0-32bitlibndr0-32bitlibnetapi0-32bitlibsamba-credentials0-32bitlibsamba-errors0-32bitlibsamba-hostconfig0-32bitlibsamba-passdb0-32bitlibsamba-policy-python3-devellibsamba-policy0-python3libsamba-util0-32bitlibsamdb0-32bitlibsmbconf0-32bitlibsmbldap2-32bitlibtevent-util0-32bitlibwbclient0-32bitsamba-libs-32bitsamba-libs-python3samba-python3samba-winbind-32bitlibhogweed4-32bitlibnettle6-32bitlibidn11-32bitsssd-dbuslibjansson4-32bitliblcms2-2liblcms2-devellibldb1-32bitliblua5_3-5liblua5_3-5-32bitlua53lua53-devellibncurses6libncurses6-32bitncurses-develncurses-utilstackterminfoterminfo-baseterminfo-itermterminfo-screenlibnetpbm11netpbmliboath-devellibtasn1-6-32bitlibxkbcommon-devellibxkbcommon-x11-0libxkbcommon-x11-devellibxkbcommon0libykcs11-1libykcs11-devellibykpiv-devellibykpiv1yubico-piv-toolpatchperl-Archive-Zipperl-Mail-SpamAssassinspamassassinpython3-policycoreutilspowerpc-utilspython3-cryptographypython3-paramikorpmrpm-32bitrpm-develsocatsupportutilssysstatyast2-buildtoolsyast2-devtoolsyast2-multipathzshzypper-needs-restartingcontainerddocker-runcsle-module-containers-releasedockerdocker-bash-completiondocker-libnetworkruncpodmanpodman-cni-configImageMagickImageMagick-devellibMagick++-7_Q16HDRI4libMagick++-devellibMagickCore-7_Q16HDRI6libMagickWand-7_Q16HDRI6sle-module-desktop-applications-releaseMozillaFirefoxMozillaFirefox-develMozillaFirefox-translations-commonMozillaFirefox-translations-otherNetworkManagerNetworkManager-devellibnm-glib-vpn1libnm-glib4libnm-util2typelib-1_0-NMClient-1_0typelib-1_0-NetworkManager-1_0PackageKitPackageKit-backend-zyppPackageKit-develPackageKit-langlibpackagekit-glib2-18libpackagekit-glib2-develtypelib-1_0-PackageKitGlib-1_0accountsserviceaccountsservice-develaccountsservice-langlibaccountsservice0typelib-1_0-AccountsService-1_0audiofile-devellibaudiofile1avahi-autoipdbluezbluez-develbubblewrapcolord-color-profileslibcolord-devellibcolord-gtk-devellibcolord-gtk1libcolorhug2typelib-1_0-Colord-1_0typelib-1_0-ColordGtk-1_0typelib-1_0-Colorhug-1_0conkyconky-docvim-plugin-conkycups-pk-helpercups-pk-helper-langemacs-x11eogeog-develeog-langevinceevince-develevince-langevince-plugin-djvudocumentevince-plugin-dvidocumentevince-plugin-pdfdocumentevince-plugin-psdocumentevince-plugin-tiffdocumentevince-plugin-xpsdocumentlibevdocument3-4libevview3-3nautilus-evincetypelib-1_0-EvinceDocument-3_0typelib-1_0-EvinceView-3_0fetchmailconffirewall-appletfirewall-configflatpakflatpak-devellibflatpak0typelib-1_0-Flatpak-1_0gcabgcab-develgcab-langlibgcab-1_0-0typelib-1_0-GCab-1_0gdgd-develgdk-pixbuf-query-loaders-32bitlibgdk_pixbuf-2_0-0-32bitgdmgdm-develgdm-langgdmflexiserverlibgdm1typelib-1_0-Gdm-1_0gnome-keyringgnome-keyring-32bitgnome-keyring-langgnome-keyring-pamgnome-keyring-pam-32bitlibgck-modules-gnome-keyringgnome-online-accounts-devellibgoa-1_0-0libgoa-backend-1_0-1typelib-1_0-Goa-1_0gnome-settings-daemongnome-settings-daemon-develgnome-settings-daemon-langgnome-shellgnome-shell-develgnome-shell-langgstreamer-develgstreamer-utilstypelib-1_0-Gst-1_0gstreamer-plugins-badgstreamer-plugins-bad-develgstreamer-plugins-bad-langlibgstadaptivedemux-1_0-0libgstbadallocators-1_0-0libgstbadaudio-1_0-0libgstbadbase-1_0-0libgstbadvideo-1_0-0libgstbasecamerabinsrc-1_0-0libgstcodecparsers-1_0-0libgstinsertbin-1_0-0libgstmpegts-1_0-0libgstplayer-1_0-0libgsturidownloader-1_0-0libgstwayland-1_0-0typelib-1_0-GstBadAllocators-1_0typelib-1_0-GstGL-1_0typelib-1_0-GstInsertBin-1_0typelib-1_0-GstMpegts-1_0typelib-1_0-GstPlayer-1_0gtk2-datagtk2-tools-32bitlibgtk-2_0-0-32bitgvimhplipibus-chewingibus-pinyinlibICE6-32bitlibIlmImf-2_2-23libIlmImfUtil-2_2-23openexr-devellibQt5OpenGLExtensions-devel-staticlibQt5Sql5-mysqllibQt5Sql5-postgresqllibQt5Sql5-unixODBClibqt5-qtbase-platformtheme-gtk3libSDL2-2_0-0libSDL2-devellibXcursor1-32bitlibXi6-32bitlibXinerama1-32bitlibXp6-32bitlibXrandr2-32bitlibXt6-32bitlibXvnc-devellibass-devellibass9libavcodec57libavutil-devellibavutil55libpostproc-devellibpostproc54libswresample-devellibswresample2libswscale-devellibswscale4libcairo2-32bitlibcdio++0libcdio-devellibcdio16libiso9660-10libudf0libexempi-devellibexempi3libexif-devellibexif12libexiv2-26libexiv2-devellibgme-devellibgme0libgnomesulibgnomesu-devellibgnomesu-langlibgnomesu0libgypsy-devellibgypsy0libical-devellibimobiledevice-devellibimobiledevice6libjasper-devellibjbig2-32bitlibjpeg8-32bitlibkpathsea6libptexenc1libsynctex1libtexlua52-5libtexluajit2perl-bibertexlivetexlive-12manytexlive-2uptexlive-Asana-Mathtexlive-Asana-Math-fontstexlive-ESIEEcvtexlive-FAQ-entexlive-GS1texlive-HA-prospertexlive-IEEEconftexlive-IEEEtrantexlive-MemoirChapStylestexlive-SIstyletexlive-SIunitstexlive-Tabbingtexlive-Type1fontstexlive-a0postertexlive-a2pingtexlive-a2ping-bintexlive-a4widetexlive-a5combtexlive-aastextexlive-abbrtexlive-abctexlive-abntex2texlive-abracestexlive-abstracttexlive-abstylestexlive-academiconstexlive-academicons-fontstexlive-accanthistexlive-accanthis-fontstexlive-accfontstexlive-accfonts-bintexlive-achemsotexlive-acmarttexlive-acmconftexlive-acrotexlive-acronymtexlive-acrotermtexlive-active-conftexlive-actuarialangletexlive-actuarialsymboltexlive-addfonttexlive-addlinestexlive-adfathesistexlive-adforntexlive-adforn-fontstexlive-adfsymbolstexlive-adfsymbols-fontstexlive-adhocfilelisttexlive-adhocfilelist-bintexlive-adjmulticoltexlive-adjustboxtexlive-adobemappingtexlive-adrconvtexlive-adtreestexlive-advdatetexlive-aetexlive-aecctexlive-aeguilltexlive-afm2pltexlive-afm2pl-bintexlive-afparticletexlive-afthesistexlive-aguplustexlive-aiaatexlive-aichejtexlive-ajltexlive-akktextexlive-aklettertexlive-alegreyatexlive-alegreya-fontstexlive-alephtexlive-aleph-bintexlive-alertmessagetexlive-algtexlive-algorithm2etexlive-algorithmicxtexlive-algorithmstexlive-alkalamitexlive-alkalami-fontstexlive-allrunestexlive-allrunes-fontstexlive-almfixedtexlive-almfixed-fontstexlive-alnumsectexlive-alterqcmtexlive-altfonttexlive-ametsoctexlive-amiritexlive-amiri-fontstexlive-amsaddrtexlive-amsclstexlive-amsfontstexlive-amsfonts-fontstexlive-amslatex-primertexlive-amsldoc-ittexlive-amsldoc-vntexlive-amsmathtexlive-amsmath-ittexlive-amsrefstexlive-amstextexlive-amstex-bintexlive-amsthdoc-ittexlive-animatetexlive-anonchaptexlive-anonymousprotexlive-anonymouspro-fontstexlive-answerstexlive-antiquatexlive-antiqua-fontstexlive-antomegatexlive-antttexlive-antt-fontstexlive-anufinalexamtexlive-anyfontsizetexlive-anysizetexlive-aobs-tikztexlive-aomarttexlive-apatexlive-apa6texlive-apa6etexlive-apacitetexlive-apalike-germantexlive-apalike2texlive-apnumtexlive-appendixtexlive-appendixnumberbeamertexlive-apprends-latextexlive-apptoolstexlive-apxprooftexlive-arabitexlive-arabi-addtexlive-arabi-fontstexlive-arabluatextexlive-arabtextexlive-arabtex-fontstexlive-arabxetextexlive-aramaic-sertotexlive-aramaic-serto-fontstexlive-araratexlive-arara-bintexlive-archaeologietexlive-archaictexlive-archaic-fontstexlive-arcstexlive-arevtexlive-arev-fontstexlive-arimotexlive-arimo-fontstexlive-armtextexlive-armtex-fontstexlive-around-the-bendtexlive-arphictexlive-arphic-fontstexlive-arphic-ttftexlive-arphic-ttf-fontstexlive-arrayjobxtexlive-arraysorttexlive-arsclassicatexlive-articleingudtexlive-arydshlntexlive-asaetrtexlive-asapsymtexlive-asapsym-fontstexlive-asceliketexlive-ascii-charttexlive-ascii-fonttexlive-ascii-font-fontstexlive-asciilisttexlive-askmapstexlive-aspectratiotexlive-aspectratio-fontstexlive-assignmenttexlive-assoccnttexlive-astrotexlive-asyfigtexlive-asymptotetexlive-asymptote-bintexlive-asymptote-by-example-zh-cntexlive-asymptote-faq-zh-cntexlive-asymptote-manual-zh-cntexlive-asypicturebtexlive-attachfiletexlive-aucklandthesistexlive-augietexlive-augie-fontstexlive-auncial-newtexlive-auncial-new-fontstexlive-auricaltexlive-aurical-fontstexlive-aurltexlive-authoraftertitletexlive-authorindextexlive-authorindex-bintexlive-auto-pst-pdftexlive-autoalignetexlive-autoareatexlive-autobreaktexlive-automatatexlive-autonumtexlive-autopdftexlive-autosptexlive-autosp-bintexlive-avantgartexlive-avantgar-fontstexlive-avremutexlive-awesomeboxtexlive-axodraw2texlive-b1encodingtexlive-babeltexlive-babel-albaniantexlive-babel-azerbaijanitexlive-babel-basquetexlive-babel-belarusiantexlive-babel-bosniantexlive-babel-bretontexlive-babel-bulgariantexlive-babel-catalantexlive-babel-croatiantexlive-babel-czechtexlive-babel-danishtexlive-babel-dutchtexlive-babel-englishtexlive-babel-esperantotexlive-babel-estoniantexlive-babel-finnishtexlive-babel-frenchtexlive-babel-friulantexlive-babel-galiciantexlive-babel-georgiantexlive-babel-germantexlive-babel-greektexlive-babel-hebrewtexlive-babel-hungariantexlive-babel-icelandictexlive-babel-indonesiantexlive-babel-interlinguatexlive-babel-irishtexlive-babel-italiantexlive-babel-japanesetexlive-babel-kurmanjitexlive-babel-latintexlive-babel-latviantexlive-babel-macedoniantexlive-babel-malaytexlive-babel-norsktexlive-babel-occitantexlive-babel-piedmontesetexlive-babel-polishtexlive-babel-portugestexlive-babel-romaniantexlive-babel-romanshtexlive-babel-russiantexlive-babel-samintexlive-babel-scottishtexlive-babel-serbiantexlive-babel-serbianctexlive-babel-slovaktexlive-babel-sloveniantexlive-babel-sorbiantexlive-babel-spanglishtexlive-babel-spanishtexlive-babel-swedishtexlive-babel-thaitexlive-babel-turkishtexlive-babel-ukrainiantexlive-babel-vietnamesetexlive-babel-welshtexlive-babelbibtexlive-backgroundtexlive-backnaurtexlive-baekmuktexlive-baekmuk-fontstexlive-bagpipetexlive-bangorcsthesistexlive-bangorexamtexlive-bangtextexlive-bankstatementtexlive-barcodestexlive-bardiagtexlive-barrtexlive-bartel-chess-fontstexlive-bashfultexlive-basicarithtexlive-baskervaldtexlive-baskervald-fontstexlive-baskervaldxtexlive-baskervaldx-fontstexlive-baskervilleftexlive-baskervillef-fontstexlive-basque-booktexlive-basque-datetexlive-bbcardtexlive-bbdingtexlive-bbmtexlive-bbm-macrostexlive-bboldtexlive-bbold-type1texlive-bbold-type1-fontstexlive-bcharttexlive-bclogotexlive-beamertexlive-beamer-FUBerlintexlive-beamer-tut-pttexlive-beamer-veronatexlive-beamer2thesistexlive-beameraudiencetexlive-beamercolorthemeowltexlive-beamerdarkthemestexlive-beamerpostertexlive-beamersubframetexlive-beamerswitchtexlive-beamertheme-cuernatexlive-beamertheme-detlevcmtexlive-beamertheme-epyttexlive-beamertheme-metropolistexlive-beamertheme-phnompenhtexlive-beamertheme-upenn-bctexlive-beamerthemejltreetexlive-beamerthemenirmatexlive-beebetexlive-begingreektexlive-begrifftexlive-belleektexlive-belleek-fontstexlive-bengalitexlive-beratexlive-bera-fontstexlive-berenisadftexlive-berenisadf-fontstexlive-besjournalstexlive-bestpaperstexlive-betababeltexlive-betontexlive-beurontexlive-beuron-fontstexlive-bewerbungtexlive-bez123texlive-bezostexlive-bgreektexlive-bgteubnertexlive-bguqtexlive-bguq-fontstexlive-bhcexamtexlive-bib-frtexlive-bibartstexlive-bibertexlive-biber-bintexlive-bibexporttexlive-bibexport-bintexlive-bibhtmltexlive-biblatextexlive-biblatex-abnttexlive-biblatex-anonymoustexlive-biblatex-apatexlive-biblatex-archaeologytexlive-biblatex-arthistory-bonntexlive-biblatex-bookinarticletexlive-biblatex-bookinothertexlive-biblatex-bwltexlive-biblatex-caspervectortexlive-biblatex-cheatsheettexlive-biblatex-chemtexlive-biblatex-chicagotexlive-biblatex-clavestexlive-biblatex-dwtexlive-biblatex-fiwitexlive-biblatex-gb7714-2015texlive-biblatex-gosttexlive-biblatex-historiantexlive-biblatex-ieeetexlive-biblatex-ijsratexlive-biblatex-iso690texlive-biblatex-juradisstexlive-biblatex-lnitexlive-biblatex-luh-ipwtexlive-biblatex-manuscripts-philologytexlive-biblatex-mlatexlive-biblatex-morenamestexlive-biblatex-multiple-dmtexlive-biblatex-musuostexlive-biblatex-naturetexlive-biblatex-nejmtexlive-biblatex-nottsclassictexlive-biblatex-opcit-booktitletexlive-biblatex-oxreftexlive-biblatex-philosophytexlive-biblatex-phystexlive-biblatex-publisttexlive-biblatex-realauthortexlive-biblatex-sbltexlive-biblatex-sciencetexlive-biblatex-shortfieldstexlive-biblatex-source-divisiontexlive-biblatex-subseriestexlive-biblatex-swiss-legaltexlive-biblatex-tradtexlive-biblatex-true-citepages-omittexlive-biblereftexlive-bibleref-frenchtexlive-bibleref-germantexlive-bibleref-ldstexlive-bibleref-mouthtexlive-bibleref-parsetexlive-bibletexttexlive-biblisttexlive-bibtextexlive-bibtex-bintexlive-bibtex8texlive-bibtex8-bintexlive-bibtexperllibstexlive-bibtexutexlive-bibtexu-bintexlive-bibtopictexlive-bibtopicprefixtexlive-bibunitstexlive-biditexlive-bidi-atbegshitexlive-bidicontourtexlive-bidihltexlive-bidipagegridtexlive-bidipresentationtexlive-bidishadowtexttexlive-bigfoottexlive-bigintstexlive-bin-develtexlive-binarytreetexlive-binomexptexlive-biochemistry-colorstexlive-biocontexlive-biolett-bsttexlive-bitelisttexlive-bitpatterntexlive-bizcardtexlive-blacklettert1texlive-blindtexttexlive-blkarraytexlive-blochspheretexlive-blocktexlive-blockdraw_mptexlive-bloquestexlive-bloxtexlive-bnumexprtexlive-bodegraphtexlive-bohrtexlive-boisiktexlive-boitestexlive-bold-extratexlive-boldtensorstexlive-bondgraphtexlive-bondgraphstexlive-bookcovertexlive-bookdbtexlive-bookesttexlive-bookhandstexlive-bookhands-fontstexlive-booklettexlive-bookmantexlive-bookman-fontstexlive-booktabstexlive-booktabs-detexlive-booktabs-frtexlive-boolexprtexlive-boondoxtexlive-boondox-fontstexlive-bophooktexlive-borceuxtexlive-bosisiotexlive-boxedminipagetexlive-boxedminipage2etexlive-boxhandlertexlive-bpchemtexlive-bpolynomialtexlive-br-lextexlive-bracketkeytexlive-braidstexlive-brailletexlive-brakettexlive-brandeis-dissertationtexlive-breakcitestexlive-breakurltexlive-bredzenietexlive-breqntexlive-bropdtexlive-brushscrtexlive-brushscr-fontstexlive-bullcntrtexlive-bundledoctexlive-bundledoc-bintexlive-burmesetexlive-burmese-fontstexlive-bussproofstexlive-bxbasetexlive-bxcalctexlive-bxcjkjatypetexlive-bxdpx-beamertexlive-bxdvidrivertexlive-bxeepictexlive-bxenclosetexlive-bxjalipsumtexlive-bxjaprnindtexlive-bxjsclstexlive-bxnewfonttexlive-bxorigcapttexlive-bxpapersizetexlive-bxpdfvertexlive-bytefieldtexlive-c-pascaltexlive-c90texlive-cabintexlive-cabin-fontstexlive-cachepictexlive-cachepic-bintexlive-caladeatexlive-caladea-fontstexlive-calcagetexlive-calctabtexlive-calculationtexlive-calculatortexlive-calligratexlive-calligra-type1texlive-calligra-type1-fontstexlive-calloutstexlive-calrsfstexlive-calstexlive-calxxxx-yyyytexlive-canceltexlive-canoniclayouttexlive-cantarelltexlive-cantarell-fontstexlive-capt-oftexlive-captconttexlive-captdeftexlive-captiontexlive-carbohydratestexlive-carlisletexlive-carlitotexlive-carlito-fontstexlive-carolmin-pstexlive-carolmin-ps-fontstexlive-cascadillatexlive-casestexlive-casyltexlive-catchfilebetweentagstexlive-catcodestexlive-catechistexlive-catoptionstexlive-cbcoptictexlive-cbcoptic-fontstexlive-cbfontstexlive-cbfonts-fdtexlive-cbfonts-fontstexlive-cc-pltexlive-cc-pl-fontstexlive-ccaptiontexlive-ccfontstexlive-cciconstexlive-ccicons-fontstexlive-cclicensestexlive-cdtexlive-cd-covertexlive-cdpbundltexlive-celltexlive-cellspacetexlive-celtictexlive-censortexlive-cfr-initialstexlive-cfr-lmtexlive-changebartexlive-changelayouttexlive-changepagetexlive-changestexlive-chappgtexlive-chapterfoldertexlive-chartertexlive-charter-fontstexlive-chbibreftexlive-checkcitestexlive-checkcites-bintexlive-checklistingstexlive-checklistings-bintexlive-chem-journaltexlive-chemarrowtexlive-chemarrow-fontstexlive-chembsttexlive-chemcompoundstexlive-chemconotexlive-chemexectexlive-chemfigtexlive-chemformulatexlive-chemgreektexlive-chemmacrostexlive-chemnumtexlive-chemschemextexlive-chemstyletexlive-cherokeetexlive-chesstexlive-chess-problem-diagramstexlive-chessboardtexlive-chessfsstexlive-chettexlive-chextrastexlive-chicagotexlive-chicago-annotetexlive-chickenizetexlive-childdoctexlive-chivotexlive-chivo-fontstexlive-chkfloattexlive-chktextexlive-chktex-bintexlive-chlettertexlive-chngcntrtexlive-chronologytexlive-chronosystexlive-chscitetexlive-churchslavonictexlive-cinzeltexlive-cinzel-fontstexlive-circtexlive-circuitikztexlive-citetexlive-citealltexlive-cjetexlive-cjhebrewtexlive-cjhebrew-fontstexlive-cjktexlive-cjk-gs-integratetexlive-cjk-gs-integrate-bintexlive-cjk-kotexlive-cjkpuncttexlive-cjkutilstexlive-cjkutils-bintexlive-classicstexlive-classicthesistexlive-classpacktexlive-cleanthesistexlive-clearsanstexlive-clearsans-fontstexlive-clefvaltexlive-clevereftexlive-clipboardtexlive-clocktexlive-clozetexlive-clrscodetexlive-clrscode3etexlive-cmtexlive-cm-lgctexlive-cm-lgc-fontstexlive-cm-supertexlive-cm-super-fontstexlive-cm-unicodetexlive-cm-unicode-fontstexlive-cmaptexlive-cmarrowstexlive-cmbrighttexlive-cmcyrtexlive-cmcyr-fontstexlive-cmdstringtexlive-cmdtracktexlive-cmexbtexlive-cmexb-fontstexlive-cmextratexlive-cmlltexlive-cmll-fontstexlive-cmpicatexlive-cmpjtexlive-cmsdtexlive-cmtiuptexlive-cnbwptexlive-cnltxtexlive-cnstexlive-cntformatstexlive-cntperchaptexlive-cochinealtexlive-cochineal-fontstexlive-codedoctexlive-codepagetexlive-codesectiontexlive-codicefiscaleitalianotexlive-collcelltexlive-collectboxtexlive-collreftexlive-colordoctexlive-colorinfotexlive-coloringtexlive-colorseptexlive-colorspacetexlive-colortabtexlive-colortbltexlive-colorwavtexlive-colorwebtexlive-colourchangetexlive-combelowtexlive-combinetexlive-combinedgraphicstexlive-combofonttexlive-comfortaatexlive-comfortaa-fontstexlive-comicneuetexlive-comicneue-fontstexlive-commatexlive-commadotexlive-commathtexlive-commenttexlive-compactbibtexlive-complexitytexlive-components-of-TeXtexlive-comprehensivetexlive-computational-complexitytexlive-conceptstexlive-concmathtexlive-concmath-fontstexlive-concprogtexlive-concretetexlive-confproctexlive-constantstexlive-conteqtexlive-contexttexlive-context-accounttexlive-context-algorithmictexlive-context-animationtexlive-context-annotationtexlive-context-bintexlive-context-bnftexlive-context-chromatotexlive-context-cmscbftexlive-context-cmttbftexlive-context-construction-plantexlive-context-cyrillicnumberstexlive-context-degradetexlive-context-fancybreaktexlive-context-filtertexlive-context-fontstexlive-context-frenchtexlive-context-fullpagetexlive-context-gantttexlive-context-gnuplottexlive-context-inifiletexlive-context-layouttexlive-context-lettertexlive-context-lettrinetexlive-context-mathsetstexlive-context-notes-zh-cntexlive-context-rsttexlive-context-rubytexlive-context-simplefontstexlive-context-simpleslidestexlive-context-titletexlive-context-transliteratortexlive-context-typeareatexlive-context-typescriptstexlive-context-vimtexlive-context-visualcountertexlive-continuetexlive-contourtexlive-contracardtexlive-conv-xkvtexlive-convbkmktexlive-convbkmk-bintexlive-cookingtexlive-cooking-unitstexlive-cookingsymbolstexlive-cooltexlive-coollisttexlive-coolstrtexlive-coolthmstexlive-cooltooltipstexlive-coordsystexlive-copyedittexlive-copyrightboxtexlive-cormorantgaramondtexlive-cormorantgaramond-fontstexlive-correctmathaligntexlive-coseoultexlive-countriesofeuropetexlive-countriesofeurope-fontstexlive-counttexrunstexlive-couriertexlive-courier-fontstexlive-courier-scaledtexlive-courseoutlinetexlive-coursepapertexlive-coverpagetexlive-covingtontexlive-cprotecttexlive-cquthesistexlive-crboxtexlive-crimsontexlive-crimson-fontstexlive-croptexlive-crossreferencetexlive-crossrefwaretexlive-crossrefware-bintexlive-crosswordtexlive-crosswrdtexlive-cryptocodetexlive-crysttexlive-cryst-fontstexlive-cstexlive-cs-fontstexlive-csbulletintexlive-cslatextexlive-cslatex-bintexlive-csplaintexlive-csplain-bintexlive-csquotestexlive-csquotes-detexlive-css-colorstexlive-cstextexlive-cstypotexlive-csvsimpletexlive-ctabletexlive-ctablestacktexlive-ctan_chktexlive-ctanifytexlive-ctanify-bintexlive-ctanuploadtexlive-ctanupload-bintexlive-ctextexlive-ctex-faqtexlive-ctibtexlive-ctietexlive-ctie-bintexlive-cuisinetexlive-currencytexlive-currfiletexlive-currvitatexlive-cursolatextexlive-curvetexlive-curve2etexlive-curvestexlive-custom-bibtexlive-cutwintexlive-cvtexlive-cv4twtexlive-cwebtexlive-cweb-bintexlive-cweb-latextexlive-cybertexlive-cybercictexlive-cykloptexlive-cyklop-fontstexlive-cyrillictexlive-cyrillic-bintexlive-cyrillic-bin-bintexlive-cyrplaintexlive-dadtexlive-dad-fontstexlive-dancerstexlive-dantelogotexlive-dantelogo-fontstexlive-dashboxtexlive-dashruletexlive-dashundergapstexlive-datareftexlive-datatooltexlive-dateilistetexlive-datenumbertexlive-datetimetexlive-datetime2texlive-datetime2-bahasaitexlive-datetime2-basquetexlive-datetime2-bretontexlive-datetime2-bulgariantexlive-datetime2-catalantexlive-datetime2-croatiantexlive-datetime2-czechtexlive-datetime2-danishtexlive-datetime2-dutchtexlive-datetime2-en-fulltexttexlive-datetime2-englishtexlive-datetime2-esperantotexlive-datetime2-estoniantexlive-datetime2-finnishtexlive-datetime2-frenchtexlive-datetime2-galiciantexlive-datetime2-germantexlive-datetime2-greektexlive-datetime2-hebrewtexlive-datetime2-icelandictexlive-datetime2-irishtexlive-datetime2-it-fulltexttexlive-datetime2-italiantexlive-datetime2-latintexlive-datetime2-lsorbiantexlive-datetime2-magyartexlive-datetime2-norsktexlive-datetime2-polishtexlive-datetime2-portugestexlive-datetime2-romaniantexlive-datetime2-russiantexlive-datetime2-samintexlive-datetime2-scottishtexlive-datetime2-serbiantexlive-datetime2-slovaktexlive-datetime2-slovenetexlive-datetime2-spanishtexlive-datetime2-swedishtexlive-datetime2-turkishtexlive-datetime2-ukrainiantexlive-datetime2-usorbiantexlive-datetime2-welshtexlive-dblfloatfixtexlive-dccpapertexlive-dcpictexlive-de-macrotexlive-de-macro-bintexlive-decimaltexlive-decoruletexlive-dehyph-exptltexlive-dejavutexlive-dejavu-fontstexlive-delimtexlive-delimseasytexlive-delimsettexlive-delimtxttexlive-denisbdoctexlive-detextexlive-detex-bintexlive-dhuatexlive-diadiatexlive-diadia-bintexlive-diagboxtexlive-diagmac2texlive-diagnosetexlive-dialogltexlive-dicetexlive-dichokeytexlive-dickimawtexlive-dictsymtexlive-dictsym-fontstexlive-diffcoefftexlive-digiconfigstexlive-din1505texlive-dinattexlive-dinbrieftexlive-dingbattexlive-directorytexlive-dirtreetexlive-dirtytalktexlive-dissertexlive-dithesistexlive-dk-bibtexlive-dlfltxbtexlive-dnaseqtexlive-dnptexlive-doc-pictextexlive-docbytextexlive-doclicensetexlive-docmfptexlive-docmutetexlive-docsurveytexlive-doctoolstexlive-documentationtexlive-doitexlive-doipubmedtexlive-dosepsbintexlive-dosepsbin-bintexlive-dot2texitexlive-dotarrowtexlive-dotseqntexlive-dottextexlive-doublestroketexlive-doublestroke-fontstexlive-dowithtexlive-downloadtexlive-doxtexlive-dozenaltexlive-dozenal-fontstexlive-dpfloattexlive-dprogresstexlive-dractexlive-draftcopytexlive-draftfiguretexlive-draftwatermarktexlive-dramatisttexlive-dratextexlive-drawmatrixtexlive-drawstacktexlive-drmtexlive-drm-fontstexlive-droidtexlive-droid-fontstexlive-droit-frtexlive-drstexlive-drvtexlive-dsptrickstexlive-dtktexlive-dtltexlive-dtl-bintexlive-dtxdescribetexlive-dtxgallerytexlive-dtxgentexlive-dtxgen-bintexlive-dtxtuttexlive-duerertexlive-duerer-latextexlive-duotenzortexlive-dutchcaltexlive-dutchcal-fontstexlive-dvdcolltexlive-dvglosstexlive-dviasmtexlive-dviasm-bintexlive-dvicopytexlive-dvicopy-bintexlive-dvidvitexlive-dvidvi-bintexlive-dviincltexlive-dviinfoxtexlive-dviinfox-bintexlive-dviljktexlive-dviljk-bintexlive-dvipdfmxtexlive-dvipdfmx-bintexlive-dvipngtexlive-dvipng-bintexlive-dvipostexlive-dvipos-bintexlive-dvipstexlive-dvips-bintexlive-dvipsconfigtexlive-dvisvgmtexlive-dvisvgm-bintexlive-dynamicnumbertexlive-dynblockstexlive-dyntreetexlive-e-frenchtexlive-eantexlive-ean13isbntexlive-easytexlive-easy-todotexlive-easyfigtexlive-easyformattexlive-easylisttexlive-easyreviewtexlive-ebeziertexlive-ebgaramondtexlive-ebgaramond-fontstexlive-ebgaramond-mathstexlive-ebongtexlive-ebong-bintexlive-ebooktexlive-ebprooftexlive-ebsthesistexlive-ectexlive-ecctexlive-ecclesiastictexlive-ecgdrawtexlive-ecltreetexlive-ecotexlive-ecobiblatextexlive-econometricstexlive-economictexlive-ecvtexlive-edtexlive-edfnotestexlive-edmactexlive-edmargintexlive-ednotestexlive-eemeirtexlive-eepictexlive-efboxtexlive-egamepstexlive-egplottexlive-eiadtexlive-eiad-ltxtexlive-eijkhouttexlive-einfuehrungtexlive-einfuehrung2texlive-ejpecptexlive-ekaiatexlive-elbioimptexlive-electrumtexlive-electrum-fontstexlive-eledformtexlive-eledmactexlive-elementstexlive-ellipsetexlive-ellipsistexlive-elmathtexlive-elocalloctexlive-elprestexlive-elsarticletexlive-elteikthesistexlive-eltextexlive-elvishtexlive-elzcardstexlive-emarkstexlive-embedalltexlive-embractexlive-emftexlive-emisatexlive-emptexlive-emptypagetexlive-emulateapjtexlive-enctextexlive-encxvlnatexlive-endfloattexlive-endheadstexlive-endiagramtexlive-endnotestexlive-engprontexlive-engrectexlive-engtlctexlive-enigmatexlive-enoteztexlive-enumitemtexlive-enumitem-zreftexlive-envbigtexlive-environtexlive-envlabtexlive-epigraficatexlive-epigrafica-fontstexlive-epigramtexlive-epigraphtexlive-epiolmectexlive-epiolmec-fontstexlive-eplaintexlive-eplain-bintexlive-epsdicetexlive-epsftexlive-epsf-dvipdfmxtexlive-epsincltexlive-epslatex-frtexlive-epspdftexlive-epspdf-bintexlive-epspdfconversiontexlive-epstopdftexlive-epstopdf-bintexlive-eqelltexlive-eqlisttexlive-eqnaligntexlive-eqnametexlive-eqnarraytexlive-eqparboxtexlive-erdctexlive-erewhontexlive-erewhon-fontstexlive-erratatexlive-es-tex-faqtexlive-esamitexlive-esdifftexlive-esinttexlive-esint-type1texlive-esint-type1-fontstexlive-esktexlive-eskdtexlive-eskdxtexlive-eso-pictexlive-esrelationtexlive-esrelation-fontstexlive-esstixtexlive-esstix-fontstexlive-estcpmmtexlive-esvecttexlive-esvect-fontstexlive-etaremunetexlive-etdipatexlive-etextexlive-etex-pkgtexlive-etextoolstexlive-ethioptexlive-ethiop-t1texlive-ethiop-t1-fontstexlive-etoctexlive-etoolboxtexlive-etoolbox-detexlive-euenctexlive-eukdatetexlive-eulertexlive-eulerpxtexlive-eulervmtexlive-eurotexlive-euro-cetexlive-europasscvtexlive-europecvtexlive-eurosymtexlive-eurosym-fontstexlive-euxmtexlive-everyhooktexlive-everypagetexlive-examtexlive-exam-ntexlive-examdesigntexlive-exampletexlive-exampleptexlive-exceltextexlive-exceltex-bintexlive-excludeonlytexlive-exercisetexlive-exercisestexlive-exp-testopttexlive-expdlisttexlive-expextexlive-exporttexlive-expressgtexlive-exsheetstexlive-exsoltexlive-extarrowstexlive-extepstexlive-extpfeiltexlive-extracttexlive-extsizestexlive-facsimiletexlive-facturatexlive-facturetexlive-faktortexlive-fancyboxtexlive-fancyhdrtexlive-fancyhdr-ittexlive-fancylabeltexlive-fancynumtexlive-fancypartexlive-fancyreftexlive-fancyslidestexlive-fancytabstexlive-fancytooltipstexlive-fancyvrbtexlive-fandoltexlive-fandol-fontstexlive-fast-diagramtexlive-fbbtexlive-fbb-fontstexlive-fbithesistexlive-fbstexlive-fctexlive-fcavtextexlive-fcltxdoctexlive-fcolumntexlive-fdsymboltexlive-fdsymbol-fontstexlive-featposttexlive-feitexlive-fenixpartexlive-fetamonttexlive-fetamont-fontstexlive-feupphdtesestexlive-feyntexlive-feynmftexlive-feynmp-autotexlive-ffslidestexlive-fgetexlive-fge-fontstexlive-fgrulertexlive-fibeamertexlive-fifinddo-infotexlive-fifo-stacktexlive-fig4latextexlive-fig4latex-bintexlive-figbastexlive-figbas-fontstexlive-figbibtexlive-figflowtexlive-figsizetexlive-filecontentstexlive-filecontentsdeftexlive-filedatetexlive-filehooktexlive-fileinfotexlive-filemodtexlive-finbibtexlive-findhyphtexlive-findhyph-bintexlive-finktexlive-finstruttexlive-firatexlive-fira-fontstexlive-first-latex-doctexlive-fitboxtexlive-fithesistexlive-fix2coltexlive-fixcmextexlive-fixfoottexlive-fixlatviantexlive-fixltxhyphtexlive-fixmetexlive-fixmetodonotestexlive-fixpdfmagtexlive-fjodortexlive-flabelstexlive-flacardstexlive-flagderivtexlive-flashcardstexlive-flashmovietexlive-flipbooktexlive-flippdftexlive-floattexlive-floatrowtexlive-flowcharttexlive-flowframtexlive-fltpointtexlive-fmptexlive-fmtcounttexlive-fn2endtexlive-fnbreaktexlive-fncychaptexlive-fncylabtexlive-fnparatexlive-fnpcttexlive-fnspetexlive-fntprooftexlive-fnumprinttexlive-foekfonttexlive-foekfont-fontstexlive-foilhtmltexlive-fonetikatexlive-fonetika-fontstexlive-font-changetexlive-font-change-xetextexlive-fontawesometexlive-fontawesome-fontstexlive-fontaxestexlive-fontbooktexlive-fontchtexlive-fontinsttexlive-fontinst-bintexlive-fontmfizztexlive-fontmfizz-fontstexlive-fontnametexlive-fontoolstexlive-fontools-bintexlive-fonts-churchslavonictexlive-fonts-churchslavonic-fontstexlive-fonts-tlwgtexlive-fonts-tlwg-fontstexlive-fontspectexlive-fonttabletexlive-fontwaretexlive-fontware-bintexlive-fontwraptexlive-footbibtexlive-footmisctexlive-footmisxtexlive-footnotebackreftexlive-footnotehypertexlive-footnoterangetexlive-footnpagtexlive-forarraytexlive-foreigntexlive-foresttexlive-forest-quickstarttexlive-forlooptexlive-formation-latex-ultexlive-formletttexlive-formulartexlive-fouridxtexlive-fouriertexlive-fourier-fontstexlive-fouriernctexlive-fptexlive-fpltexlive-fpl-fontstexlive-fragmastertexlive-fragmaster-bintexlive-fragmentstexlive-frametexlive-framedtexlive-francais-bsttexlive-frankensteintexlive-frcursivetexlive-frcursive-fontstexlive-frederika2016texlive-frederika2016-fontstexlive-fregetexlive-frlettertexlive-frontespiziotexlive-ftcaptexlive-ftnxtratexlive-fullblcktexlive-fullminipagetexlive-fullwidthtexlive-functantexlive-fundus-calligratexlive-fundus-cyrtexlive-fundus-sueterlintexlive-fvextratexlive-fwlwtexlive-g-brieftexlive-gacetatexlive-galoistexlive-gamebooktexlive-garriguestexlive-garuda-c90texlive-gastextexlive-gatech-thesistexlive-gatestexlive-gausstexlive-gb4etexlive-gcardtexlive-gchordstexlive-gcitetexlive-gendertexlive-gene-logictexlive-genealogytexlive-genealogytreetexlive-genmisctexlive-genmpagetexlive-gentium-tugtexlive-gentium-tug-fontstexlive-gentletexlive-geometrytexlive-geometry-detexlive-germantexlive-germbibtexlive-germkorrtexlive-geschichtsfrkltexlive-getfiledatetexlive-getitemstexlive-getmaptexlive-getmap-bintexlive-getoptktexlive-gfnotationtexlive-gfsartemisiatexlive-gfsartemisia-fontstexlive-gfsbaskervilletexlive-gfsbaskerville-fontstexlive-gfsbodonitexlive-gfsbodoni-fontstexlive-gfscomplutumtexlive-gfscomplutum-fontstexlive-gfsdidottexlive-gfsdidot-fontstexlive-gfsneohellenictexlive-gfsneohellenic-fontstexlive-gfsporsontexlive-gfsporson-fontstexlive-gfssolomostexlive-gfssolomos-fontstexlive-ghabtexlive-ghsystemtexlive-gillcmtexlive-gilliustexlive-gillius-fontstexlive-gincltextexlive-ginpenctexlive-gitfile-infotexlive-gitinfotexlive-gitinfo2texlive-gitlogtexlive-glosstexlive-gloss-occitantexlive-glossariestexlive-glossaries-bintexlive-glossaries-danishtexlive-glossaries-dutchtexlive-glossaries-englishtexlive-glossaries-extratexlive-glossaries-frenchtexlive-glossaries-germantexlive-glossaries-irishtexlive-glossaries-italiantexlive-glossaries-magyartexlive-glossaries-polishtexlive-glossaries-portugestexlive-glossaries-serbiantexlive-glossaries-spanishtexlive-glyphlisttexlive-gmdoctexlive-gmdoc-enhancetexlive-gmiflinktexlive-gmptexlive-gmutilstexlive-gmverbtexlive-gmversetexlive-gnu-freefonttexlive-gnu-freefont-fontstexlive-gnuplottextexlive-gotexlive-gobbletexlive-gofontstexlive-gofonts-fontstexlive-gosttexlive-gothictexlive-gotohtexlive-gradientframetexlive-gradstudentresumetexlive-grafcettexlive-granttexlive-graphboxtexlive-graphicstexlive-graphics-cfgtexlive-graphics-deftexlive-graphics-plntexlive-graphicx-psmintexlive-graphicxboxtexlive-graphviztexlive-grayhintstexlive-greek-fontenctexlive-greek-inputenctexlive-greekdatestexlive-greektextexlive-greektonoitexlive-greenpointtexlive-gregoriotextexlive-gregoriotex-bintexlive-gregoriotex-fontstexlive-grfpastetexlive-gridtexlive-grid-systemtexlive-gridsettexlive-grotesqtexlive-grotesq-fontstexlive-grundgesetzetexlive-gsemthesistexlive-gsftopktexlive-gsftopk-bintexlive-gtltexlive-gtrcrdtexlive-gtrlib-largetreestexlive-gutexlive-guide-to-latextexlive-guitartexlive-guitarchordschemestexlive-guitlogotexlive-gustlibtexlive-gustprogtexlive-gzttexlive-h2020proposaltexlive-hacmtexlive-hacm-fontstexlive-halloweenmathtexlive-handouttexlive-handstexlive-hangtexlive-hangingtexlive-hanoitexlive-happy4thtexlive-har2nattexlive-hardwraptexlive-harmonytexlive-harnon-cvtexlive-harpoontexlive-harvardtexlive-harveyballstexlive-harvmactexlive-hatchingtexlive-hausarbeit-juratexlive-havannahtexlive-hctexlive-he-shetexlive-helvetictexlive-helvetic-fontstexlive-heptexlive-hepnamestexlive-hepparticlestexlive-hepthesistexlive-hepunitstexlive-heretexlive-heuristicatexlive-heuristica-fontstexlive-hexgametexlive-hf-tikztexlive-hfbrighttexlive-hfbright-fontstexlive-hfoldstytexlive-hhtensortexlive-histogrtexlive-historische-zeitschrifttexlive-hitectexlive-hlettertexlive-hlisttexlive-hobbytexlive-hobetetexlive-hook-pre-commit-pkgtexlive-horoscoptexlive-hpsdisstexlive-hrefhidetexlive-hrlatextexlive-hustthesistexlive-hvfloattexlive-hvindextexlive-hypdvipstexlive-hypertexlive-hypernattexlive-hyperreftexlive-hyperref-docsrctexlive-hyperxmptexlive-hyph-utf8texlive-hyphen-afrikaanstexlive-hyphen-ancientgreektexlive-hyphen-arabictexlive-hyphen-armeniantexlive-hyphen-basetexlive-hyphen-basquetexlive-hyphen-belarusiantexlive-hyphen-bulgariantexlive-hyphen-catalantexlive-hyphen-chinesetexlive-hyphen-churchslavonictexlive-hyphen-coptictexlive-hyphen-croatiantexlive-hyphen-czechtexlive-hyphen-danishtexlive-hyphen-dutchtexlive-hyphen-englishtexlive-hyphen-esperantotexlive-hyphen-estoniantexlive-hyphen-ethiopictexlive-hyphen-farsitexlive-hyphen-finnishtexlive-hyphen-frenchtexlive-hyphen-friulantexlive-hyphen-galiciantexlive-hyphen-georgiantexlive-hyphen-germantexlive-hyphen-greektexlive-hyphen-hungariantexlive-hyphen-icelandictexlive-hyphen-indictexlive-hyphen-indonesiantexlive-hyphen-interlinguatexlive-hyphen-irishtexlive-hyphen-italiantexlive-hyphen-kurmanjitexlive-hyphen-latintexlive-hyphen-latviantexlive-hyphen-lithuaniantexlive-hyphen-mongoliantexlive-hyphen-norwegiantexlive-hyphen-occitantexlive-hyphen-piedmontesetexlive-hyphen-polishtexlive-hyphen-portuguesetexlive-hyphen-romaniantexlive-hyphen-romanshtexlive-hyphen-russiantexlive-hyphen-sanskrittexlive-hyphen-serbiantexlive-hyphen-slovaktexlive-hyphen-sloveniantexlive-hyphen-spanishtexlive-hyphen-swedishtexlive-hyphen-thaitexlive-hyphen-turkishtexlive-hyphen-turkmentexlive-hyphen-ukrainiantexlive-hyphen-uppersorbiantexlive-hyphen-welshtexlive-hyphenattexlive-hyphenextexlive-hyplaintexlive-ibycus-babeltexlive-ibygrktexlive-ibygrk-fontstexlive-icsvtexlive-idxcmdstexlive-idxlayouttexlive-ieeepestexlive-ietfbibstexlive-ifetextexlive-iffonttexlive-ifluatextexlive-ifmslidetexlive-ifmtargtexlive-ifnextoktexlive-ifoddpagetexlive-ifplatformtexlive-ifptextexlive-ifsymtexlive-iftextexlive-ifthenxtexlive-ifxetextexlive-iitemtexlive-ijmarttexlive-ijqctexlive-ijsratexlive-imactexlive-image-gallerytexlive-imakeidxtexlive-imfellenglishtexlive-imfellenglish-fontstexlive-impatienttexlive-impatient-cntexlive-impatient-frtexlive-impnattypotexlive-importtexlive-imsproctexlive-imtekdatexlive-incgraphtexlive-inconsolatatexlive-inconsolata-fontstexlive-indextexlive-indextoolstexlive-initialstexlive-initials-fontstexlive-inlinebibtexlive-inlinedeftexlive-inputtrctexlive-insboxtexlive-interactiveworkbooktexlive-interchartexlive-interfacestexlive-interpretertexlive-intervaltexlive-intro-scientifictexlive-inversepathtexlive-invoicetexlive-ionumberstexlive-iopart-numtexlive-ipaextexlive-ipaex-fontstexlive-ipaex-type1texlive-ipaex-type1-fontstexlive-iscramtexlive-isotexlive-iso10303texlive-isodatetexlive-isodoctexlive-isomathtexlive-isonumstexlive-isorottexlive-isotopetexlive-issuulinkstexlive-itnumpartexlive-iwhdptexlive-iwonatexlive-iwona-fontstexlive-jablantiletexlive-jacowtexlive-jadetextexlive-jadetex-bintexlive-jamtimestexlive-japanese-otftexlive-japanese-otf-uptextexlive-jknapltxtexlive-jlabelstexlive-jlreqtexlive-jmlrtexlive-jmntexlive-jmn-fontstexlive-jneuroscitexlive-jpsjtexlive-js-misctexlive-jsclassestexlive-jslectureplannertexlive-jumplinestexlive-junicodetexlive-junicode-fontstexlive-juratexlive-juraabbrevtexlive-jurabibtexlive-juramisctexlive-jurarsptexlive-jvlistingtexlive-kantlipsumtexlive-karnaughtexlive-karnaugh-maptexlive-karnaughmaptexlive-kastruptexlive-kdgdocstexlive-kerkistexlive-kerkis-fontstexlive-kerntesttexlive-keycommandtexlive-keyfloattexlive-keyreadertexlive-keystroketexlive-keyval2etexlive-keyvaltabletexlive-kixtexlive-kixfonttexlive-kluwertexlive-knittingtexlive-knitting-fontstexlive-knittingpatterntexlive-knowledgetexlive-knuthtexlive-knuth-libtexlive-knuth-localtexlive-knuthotherfontstexlive-koma-moderncvclassictexlive-koma-scripttexlive-koma-script-examplestexlive-koma-script-sfstexlive-komacvtexlive-kotex-oblivoirtexlive-kotex-plaintexlive-kotex-utftexlive-kotex-utilstexlive-kotex-utils-bintexlive-kpathseatexlive-kpathsea-bintexlive-kpathsea-develtexlive-kpfontstexlive-kpfonts-fontstexlive-ksfh_nattexlive-ksp-thesistexlive-ktv-texdatatexlive-kuriertexlive-kurier-fontstexlive-l2picfaqtexlive-l2tabutexlive-l2tabu-englishtexlive-l2tabu-frenchtexlive-l2tabu-italiantexlive-l2tabu-spanishtexlive-l3buildtexlive-l3experimentaltexlive-l3kerneltexlive-l3packagestexlive-labbooktexlive-labelstexlive-labyrinthtexlive-lachecktexlive-lacheck-bintexlive-laddertexlive-lambdatexlive-lambda-liststexlive-langcodetexlive-langscitexlive-lapdftexlive-lastpackagetexlive-lastpagetexlive-latextexlive-latex-bib-extexlive-latex-bib2-extexlive-latex-bintexlive-latex-bin-bintexlive-latex-brochuretexlive-latex-coursetexlive-latex-doc-ptrtexlive-latex-fontstexlive-latex-git-logtexlive-latex-git-log-bintexlive-latex-graphics-companiontexlive-latex-maketexlive-latex-notes-zh-cntexlive-latex-papersizetexlive-latex-papersize-bintexlive-latex-referenztexlive-latex-tabellentexlive-latex-tdstexlive-latex-veryshortguidetexlive-latex-web-companiontexlive-latex2e-help-texinfotexlive-latex2e-help-texinfo-frtexlive-latex2e-help-texinfo-spanishtexlive-latex2mantexlive-latex2man-bintexlive-latex2nemethtexlive-latex2nemeth-bintexlive-latex4wptexlive-latex4wp-ittexlive-latexbanglatexlive-latexbugtexlive-latexcheattexlive-latexcheat-detexlive-latexcheat-esmxtexlive-latexcheat-ptbrtexlive-latexconfigtexlive-latexcourse-rugtexlive-latexdemotexlive-latexdifftexlive-latexdiff-bintexlive-latexfileinfo-pkgstexlive-latexfileversiontexlive-latexfileversion-bintexlive-latexgittexlive-latexindenttexlive-latexindent-bintexlive-latexmktexlive-latexmk-bintexlive-latexmptexlive-latexpandtexlive-latexpand-bintexlive-latotexlive-lato-fontstexlive-layaureotexlive-layoutstexlive-lazylisttexlive-lcdtexlive-lcdftypetoolstexlive-lcdftypetools-bintexlive-lcgtexlive-lcywtexlive-leadingtexlive-leadsheetstexlive-leaflettexlive-lecturertexlive-ledmactexlive-leftidxtexlive-leipzigtexlive-lengthconverttexlive-lettretexlive-lettrinetexlive-levytexlive-lewistexlive-lexikontexlive-lexreftexlive-lfbtexlive-lgreektexlive-lhtexlive-lhcyrtexlive-lhelptexlive-libertinetexlive-libertine-fontstexlive-libertinegctexlive-libertinustexlive-libertinus-fontstexlive-libertinust1mathtexlive-libertinust1math-fontstexlive-libgreektexlive-librariantexlive-librebaskervilletexlive-librebaskerville-fontstexlive-librebodonitexlive-librebodoni-fontstexlive-librecaslontexlive-librecaslon-fontstexlive-libristexlive-libris-fontstexlive-lilyglyphstexlive-lilyglyphs-bintexlive-lilyglyphs-fontstexlive-limaptexlive-linearAtexlive-linearA-fontstexlive-linegoaltexlive-linenotexlive-ling-macrostexlive-linguextexlive-linoptexlive-lion-msctexlive-lipsumtexlive-lisp-on-textexlive-listbibtexlive-listbib-bintexlive-listingtexlive-listingstexlive-listings-exttexlive-listings-ext-bintexlive-listlblstexlive-listliketabtexlive-listofitemstexlive-listofsymbolstexlive-lithuaniantexlive-liturgtexlive-lkprooftexlive-lmtexlive-lm-fontstexlive-lm-mathtexlive-lm-math-fontstexlive-lmaketexlive-lnitexlive-lobster2texlive-lobster2-fontstexlive-localitytexlive-localloctexlive-logboxtexlive-logical-markup-utilstexlive-logicprooftexlive-logicpuzzletexlive-logpaptexlive-logreqtexlive-lollipoptexlive-lollipop-bintexlive-longdivisiontexlive-longfboxtexlive-longfiguretexlive-longnamefilelisttexlive-loopstexlive-lpformtexlive-lpictexlive-lplfitchtexlive-lpstexlive-lroundrecttexlive-lsctexlive-lshort-bulgariantexlive-lshort-chinesetexlive-lshort-czechtexlive-lshort-dutchtexlive-lshort-englishtexlive-lshort-estoniantexlive-lshort-finnishtexlive-lshort-frenchtexlive-lshort-germantexlive-lshort-italiantexlive-lshort-japanesetexlive-lshort-koreantexlive-lshort-mongoltexlive-lshort-persiantexlive-lshort-polishtexlive-lshort-portuguesetexlive-lshort-russiantexlive-lshort-slovaktexlive-lshort-sloveniantexlive-lshort-spanishtexlive-lshort-thaitexlive-lshort-turkishtexlive-lshort-ukrtexlive-lshort-vietnamesetexlive-lstaddonstexlive-lstbayestexlive-lt3graphtexlive-ltablextexlive-ltabptchtexlive-ltb2bibtexlive-ltxdockittexlive-ltxfileinfotexlive-ltxfileinfo-bintexlive-ltximgtexlive-ltximg-bintexlive-ltxindextexlive-ltxkeystexlive-ltxmisctexlive-ltxnewtexlive-ltxtoolstexlive-lua-alt-getopttexlive-lua-check-hyphentexlive-lua-visual-debugtexlive-lua2doxtexlive-lua2dox-bintexlive-luabibentrytexlive-luabiditexlive-luacodetexlive-luahyphenrulestexlive-luaindextexlive-luainputenctexlive-luaintrotexlive-lualatex-doctexlive-lualatex-doc-detexlive-lualatex-mathtexlive-lualibstexlive-luameshtexlive-luamplibtexlive-luaotfloadtexlive-luaotfload-bintexlive-luapackageloadertexlive-luasseqtexlive-luatextexlive-luatex-bintexlive-luatex85texlive-luatexbasetexlive-luatexjatexlive-luatexkotexlive-luatextratexlive-luatodonotestexlive-luaxmltexlive-lwarptexlive-lwarp-bintexlive-lxfontstexlive-lxfonts-fontstexlive-ly1texlive-m-txtexlive-m-tx-bintexlive-macros2etexlive-macroswaptexlive-mafrtexlive-magaztexlive-mailingtexlive-mailmergetexlive-make4httexlive-make4ht-bintexlive-makebarcodetexlive-makebasetexlive-makeboxtexlive-makecelltexlive-makecirctexlive-makecmdstexlive-makedtxtexlive-makedtx-bintexlive-makeglostexlive-makeindextexlive-makeindex-bintexlive-makeplottexlive-makeshapetexlive-manditexlive-manfnttexlive-manfnt-fonttexlive-manfnt-font-fontstexlive-manuscripttexlive-margbibtexlive-marginfixtexlive-marginnotetexlive-markdowntexlive-marvosymtexlive-marvosym-fontstexlive-matc3texlive-matc3memtexlive-match_parenstexlive-match_parens-bintexlive-math-etexlive-math-into-latex-4texlive-mathabxtexlive-mathabx-type1texlive-mathabx-type1-fontstexlive-mathalfatexlive-mathastexttexlive-mathcomptexlive-mathdesigntexlive-mathdesign-fontstexlive-mathdotstexlive-mathexamtexlive-mathpartirtexlive-mathpazotexlive-mathpazo-fontstexlive-mathpunctspacetexlive-maths-symbolstexlive-mathspectexlive-mathspictexlive-mathspic-bintexlive-mathtoolstexlive-matlab-prettifiertexlive-mattenstexlive-maybemathtexlive-mbenotestexlive-mcaptiontexlive-mceinlegertexlive-mcexamtexlive-mcf2graphtexlive-mcitetexlive-mciteplustexlive-mcmthesistexlive-mdframedtexlive-mdpututexlive-mdsymboltexlive-mdsymbol-fontstexlive-mdwtoolstexlive-media9texlive-medstarbeamertexlive-meetingminstexlive-memdesigntexlive-memexsupptexlive-memoirtexlive-memorytexlive-mendex-doctexlive-mentistexlive-menutexlive-menukeystexlive-merriweathertexlive-merriweather-fontstexlive-metafonttexlive-metafont-beginnerstexlive-metafont-bintexlive-metagotexlive-metalogotexlive-metaobjtexlive-metaplottexlive-metaposttexlive-metapost-bintexlive-metapost-examplestexlive-metapost-fontstexlive-metatextexlive-metatype1texlive-metaumltexlive-methodtexlive-metretexlive-metrixtexlive-mextexlive-mex-bintexlive-mf2pt1texlive-mf2pt1-bintexlive-mfirstuctexlive-mflogotexlive-mflogo-fonttexlive-mflogo-font-fontstexlive-mfluatexlive-mflua-bintexlive-mfnfsstexlive-mfpictexlive-mfpic4odetexlive-mftinctexlive-mfwaretexlive-mfware-bintexlive-mgltextexlive-mhchemtexlive-mhequtexlive-miamatexlive-miama-fontstexlive-microtypetexlive-microtype-detexlive-midnighttexlive-midpagetexlive-millertexlive-milogtexlive-miniboxtexlive-minidocumenttexlive-minifptexlive-minipage-marginpartexlive-miniplottexlive-minitoctexlive-minorrevisiontexlive-mintedtexlive-mintspirittexlive-mintspirit-fontstexlive-minutestexlive-missaalitexlive-missaali-fontstexlive-mkgrkindextexlive-mkgrkindex-bintexlive-mkjobtexmftexlive-mkjobtexmf-bintexlive-mkpatterntexlive-mkpictexlive-mkpic-bintexlive-mla-papertexlive-mlisttexlive-mltextexlive-mltex-bintexlive-mmaptexlive-mnotestexlive-mnrastexlive-mnsymboltexlive-mnsymbol-fontstexlive-moderncvtexlive-moderntimelinetexlive-modiagramtexlive-modreftexlive-modromantexlive-modulartexlive-mongolian-babeltexlive-monofilltexlive-montextexlive-montex-fontstexlive-montserrattexlive-montserrat-fontstexlive-moodletexlive-moreenumtexlive-morefloatstexlive-morehypetexlive-moresizetexlive-moreverbtexlive-morewritestexlive-movie15texlive-mp3dtexlive-mparhacktexlive-mparrowstexlive-mpatterntexlive-mpcolornamestexlive-mpgraphicstexlive-mpman-rutexlive-mpostinltexlive-mptopdftexlive-mptopdf-bintexlive-mptreestexlive-mstexlive-msctexlive-msgtexlive-mslapatexlive-msu-thesistexlive-mtgreektexlive-mucproctexlive-mugsthesistexlive-multenumtexlive-multiaudiencetexlive-multibbltexlive-multibibtexlive-multibibliographytexlive-multibibliography-bintexlive-multicaptexlive-multideftexlive-multidotexlive-multienvtexlive-multiexpandtexlive-multiobjectivetexlive-multirowtexlive-munichtexlive-musixguittexlive-musixtextexlive-musixtex-bintexlive-musixtex-fontstexlive-musixtex-fonts-fontstexlive-musixtnttexlive-musixtnt-bintexlive-musuostexlive-muthesistexlive-mversiontexlive-mwclstexlive-mwetexlive-mweightstexlive-mxedrulitexlive-mxedruli-fontstexlive-mychemistrytexlive-mycvtexlive-mylatexformattexlive-mynsfctexlive-nagtexlive-nameauthtexlive-namespctexlive-nanumtype1texlive-nanumtype1-fontstexlive-nartexlive-natbibtexlive-natdedtexlive-nathtexlive-naturetexlive-navigatortexlive-navydocstexlive-ncclatextexlive-ncctoolstexlive-ncntrsbktexlive-ncntrsbk-fontstexlive-nddisstexlive-ndsu-thesistexlive-needspacetexlive-nestquottexlive-neuralnetworktexlive-neveloktexlive-newcommandtexlive-newenvirontexlive-newfiletexlive-newlfmtexlive-newpxtexlive-newpx-fontstexlive-newsletrtexlive-newspapertexlive-newtxtexlive-newtx-fontstexlive-newtxsftexlive-newtxsf-fontstexlive-newtxtttexlive-newtxtt-fontstexlive-newunicodechartexlive-newvbtmtexlive-newverbstexlive-nextpagetexlive-nfssext-cfrtexlive-nicefilelisttexlive-niceframetexlive-nicetexttexlive-nihtexlive-nihbiosketchtexlive-nimbus15texlive-nimbus15-fontstexlive-nkartatexlive-nlctdoctexlive-nmbibtexlive-noconflicttexlive-nodetreetexlive-noindentaftertexlive-noitcrultexlive-nolbreakstexlive-nomencltexlive-nomentbltexlive-nonfloattexlive-nonumonparttexlive-nopagenotexlive-norasi-c90texlive-normalcolortexlive-nostarchtexlive-notestexlive-notes2bibtexlive-notespagestexlive-notex-bsttexlive-nototexlive-noto-fontstexlive-notoccitetexlive-noveltexlive-novel-fontstexlive-nowidowtexlive-noxtexlive-nrctexlive-ntgclasstexlive-ntheoremtexlive-ntheorem-vntexlive-nuctexlive-nucleardatatexlive-numberedblocktexlive-numericplotstexlive-numnametexlive-numprinttexlive-numspelltexlive-nwejmtexlive-oberdiektexlive-objectztexlive-obnovtexlive-ocg-ptexlive-ocgxtexlive-ocgx2texlive-ocherokeetexlive-ocherokee-fontstexlive-ocr-btexlive-ocr-b-outlinetexlive-ocr-b-outline-fontstexlive-ocr-latextexlive-octavotexlive-odsfiletexlive-ofstexlive-oghamtexlive-oinuittexlive-oinuit-fontstexlive-old-arrowstexlive-old-arrows-fontstexlive-oldlatintexlive-oldstandardtexlive-oldstandard-fontstexlive-oldstyletexlive-olsak-misctexlive-omegatexlive-omega-fontstexlive-omegawaretexlive-omegaware-bintexlive-onlyamsmathtexlive-onrannualtexlive-opcittexlive-opensanstexlive-opensans-fontstexlive-oplotsymbltexlive-optengtexlive-optideftexlive-optionaltexlive-optionstexlive-ordinalpttexlive-orkhuntexlive-oscolatexlive-ot-tableautexlive-othellotexlive-othelloboardtexlive-otibettexlive-oubracestexlive-outlinetexlive-outlinertexlive-outlinestexlive-overlaystexlive-overlocktexlive-overlock-fontstexlive-overpictexlive-paciolitexlive-padauktexlive-padauk-fontstexlive-pagecolortexlive-pageconttexlive-pagenotetexlive-pagerangetexlive-pagesltstexlive-palatinotexlive-palatino-fontstexlive-papertexlive-papercdcasetexlive-papermastexlive-papertextexlive-paracoltexlive-paradestexlive-paralisttexlive-paralleltexlive-paratypetexlive-paratype-fontstexlive-paressetexlive-parnotestexlive-parruntexlive-parselinestexlive-parskiptexlive-pas-courstexlive-pas-crosswordstexlive-pas-cvtexlive-pas-tableurtexlive-passivetextexlive-patchtexlive-patchcmdtexlive-patgentexlive-patgen-bintexlive-patgen2-tutorialtexlive-pathtexlive-pauldoctexlive-pawpicttexlive-paxtexlive-pax-bintexlive-pb-diagramtexlive-pbibtex-basetexlive-pboxtexlive-pbsheettexlive-pdf-transtexlive-pdf14texlive-pdfbook2texlive-pdfbook2-bintexlive-pdfcommenttexlive-pdfcprottexlive-pdfcroptexlive-pdfcrop-bintexlive-pdfjamtexlive-pdfjam-bintexlive-pdflatexpicscaletexlive-pdflatexpicscale-bintexlive-pdfmarginpartexlive-pdfpagedifftexlive-pdfpagestexlive-pdfscreentexlive-pdfslidetexlive-pdfsynctexlive-pdftextexlive-pdftex-bintexlive-pdftex-fontstexlive-pdftoolstexlive-pdftools-bintexlive-pdftrickstexlive-pdftricks2texlive-pdfwintexlive-pdfxtexlive-pdfxuptexlive-pdfxup-bintexlive-pechatexlive-pedigree-perltexlive-pedigree-perl-bintexlive-perceptiontexlive-perfectcuttexlive-perltextexlive-perltex-bintexlive-permutetexlive-persian-bibtexlive-petiteannoncetexlive-petri-netstexlive-petri-nets-bintexlive-pfarreitexlive-pfarrei-bintexlive-pgftexlive-pgf-blurtexlive-pgf-sorobantexlive-pgf-spectratexlive-pgf-umlcdtexlive-pgf-umlsdtexlive-pgfgantttexlive-pgfkeyxtexlive-pgfmolbiotexlive-pgfoptstexlive-pgfornamenttexlive-pgfplotstexlive-phaistostexlive-phaistos-fontstexlive-phffullpagefiguretexlive-phfnotetexlive-phfparentexlive-phfqittexlive-phfquotetexttexlive-phfsvnwatermarktexlive-phfthmtexlive-philextexlive-philokaliatexlive-philokalia-fontstexlive-philosophersimprinttexlive-phonenumberstexlive-phonetictexlive-phonruletexlive-phototexlive-physicstexlive-pianotexlive-picinpartexlive-pict2etexlive-pictextexlive-pictex2texlive-pictexsumtexlive-piechartmptexlive-pifftexlive-pigpentexlive-pigpen-fontstexlive-pinlabeltexlive-pitextexlive-pittetdtexlive-pkfixtexlive-pkfix-bintexlive-pkfix-helpertexlive-pkfix-helper-bintexlive-pkgloadertexlive-pkuthsstexlive-pltexlive-pl-fontstexlive-placeattexlive-placeinstexlive-placeins-plaintexlive-plaintexlive-plain-doctexlive-plainpkgtexlive-plantslabelstexlive-plaritexlive-platestexlive-platextexlive-platex-bintexlive-platex-toolstexlive-platexcheattexlive-playtexlive-playfairtexlive-playfair-fontstexlive-plipsumtexlive-plnfsstexlive-plstmarytexlive-plwebtexlive-pmgraphtexlive-pmxtexlive-pmx-bintexlive-pmxchordstexlive-pmxchords-bintexlive-pnas2009texlive-poemscoltexlive-poetrytextexlive-polskitexlive-poltawskitexlive-poltawski-fontstexlive-polyglossiatexlive-polynomtexlive-polynomialtexlive-polytabletexlive-postcardstexlive-poster-mactexlive-powerdottexlive-powerdot-FUBerlintexlive-ppr-prvtexlive-pracjourntexlive-preprinttexlive-prerextexlive-presenttexlive-presentationstexlive-presentations-entexlive-pressreleasetexlive-prettyreftexlive-previewtexlive-prftreetexlive-printlentexlive-probatexlive-probsolntexlive-procIAGssymptexlive-prodinttexlive-prodint-fontstexlive-productboxtexlive-programtexlive-progresstexlive-progressbartexlive-proofreadtexlive-prooftreestexlive-propertiestexlive-proposaltexlive-prospertexlive-protextexlive-protocoltexlive-przechlewski-booktexlive-ps2pktexlive-ps2pk-bintexlive-psbaotexlive-pseudocodetexlive-psfragtexlive-psfrag-italiantexlive-psfragxtexlive-psgotexlive-psizzltexlive-pslatextexlive-psnfsstexlive-pspicturetexlive-pst-2dplottexlive-pst-3dtexlive-pst-3dplottexlive-pst-abspostexlive-pst-amtexlive-pst-arrowtexlive-pst-asrtexlive-pst-bartexlive-pst-barcodetexlive-pst-beziertexlive-pst-blurtexlive-pst-bsplinetexlive-pst-calendartexlive-pst-cietexlive-pst-circtexlive-pst-coiltexlive-pst-coxtexlive-pst-dbiconstexlive-pst-diffractiontexlive-pst-electricfieldtexlive-pst-epstexlive-pst-eucltexlive-pst-eucl-translation-bgtexlive-pst-exatexlive-pst-filltexlive-pst-fittexlive-pst-fr3dtexlive-pst-fractaltexlive-pst-funtexlive-pst-functexlive-pst-gantttexlive-pst-geotexlive-pst-ghsbtexlive-pst-gr3dtexlive-pst-gradtexlive-pst-graphicxtexlive-pst-infixplottexlive-pst-intersecttexlive-pst-jtreetexlive-pst-knottexlive-pst-labotexlive-pst-layouttexlive-pst-lenstexlive-pst-light3dtexlive-pst-magneticfieldtexlive-pst-mathtexlive-pst-mirrortexlive-pst-nodetexlive-pst-ob3dtexlive-pst-odetexlive-pst-optexptexlive-pst-optictexlive-pst-oscitexlive-pst-ovltexlive-pst-padtexlive-pst-pdftexlive-pst-pdf-bintexlive-pst-pdgrtexlive-pst-perspectivetexlive-pst-platontexlive-pst-plottexlive-pst-polytexlive-pst-pulleytexlive-pst-qtreetexlive-pst-rubanstexlive-pst-shelltexlive-pst-sigsystexlive-pst-slpetexlive-pst-solarsystemtexlive-pst-solides3dtexlive-pst-sorobantexlive-pst-spectratexlive-pst-spinnertexlive-pst-spirographtexlive-pst-strutexlive-pst-supporttexlive-pst-texttexlive-pst-thicktexlive-pst-toolstexlive-pst-treetexlive-pst-tvztexlive-pst-umltexlive-pst-vectoriantexlive-pst-vehicletexlive-pst-voweltexlive-pst-vue3dtexlive-pst2pdftexlive-pst2pdf-bintexlive-pstooltexlive-pstoolstexlive-pstools-bintexlive-pstrickstexlive-pstricks-addtexlive-pstricks_calcnotestexlive-pstringtexlive-psu-thesistexlive-ptextexlive-ptex-basetexlive-ptex-bintexlive-ptex-fontmapstexlive-ptex-fontmaps-bintexlive-ptex-fontstexlive-ptex-fonts-fontstexlive-ptex2pdftexlive-ptex2pdf-bintexlive-ptexenc-develtexlive-ptexttexlive-ptptextexlive-punktexlive-punk-latextexlive-punknovatexlive-punknova-fontstexlive-purifyepstexlive-purifyeps-bintexlive-pxbasetexlive-pxchfontexlive-pxcjkcattexlive-pxfontstexlive-pxfonts-fontstexlive-pxgreekstexlive-pxjahypertexlive-pxpgfmarktexlive-pxrubricatexlive-pxtatescaletexlive-pxtxalfatexlive-pygmentextexlive-pygmentex-bintexlive-pythontexlive-pythonhighlighttexlive-pythontextexlive-pythontex-bintexlive-qcircuittexlive-qcmtexlive-qobitreetexlive-qpxqtxtexlive-qrcodetexlive-qstesttexlive-qsymbolstexlive-qtreetexlive-quattrocentotexlive-quattrocento-fontstexlive-quicktypetexlive-quotchaptexlive-quotingtexlive-quotmarktexlive-qurantexlive-r_und_stexlive-ralewaytexlive-raleway-fontstexlive-ran_tokstexlive-randbildtexlive-randomlisttexlive-randomwalktexlive-randtexttexlive-rccoltexlive-rcstexlive-rcs-multitexlive-rcsinfotexlive-readarraytexlive-realboxestexlive-realscriptstexlive-rec-thytexlive-recipetexlive-recipebooktexlive-recipecardtexlive-rectopmatexlive-recycletexlive-recycle-fontstexlive-refchecktexlive-refenumstexlive-reflectgraphicstexlive-refmantexlive-refstyletexlive-regcounttexlive-regexpatchtexlive-registertexlive-regstatstexlive-reledmactexlive-relenctexlive-relsizetexlive-reotextexlive-repeatindextexlive-reperetexlive-repltexttexlive-resphilosophicatexlive-resumeclstexlive-resumemactexlive-reverxiitexlive-revquantumtexlive-revtextexlive-revtex4texlive-ribbonproofstexlive-rjlparshaptexlive-rlepsftexlive-rmathbrtexlive-rmpagetexlive-robototexlive-roboto-fontstexlive-robustcommandtexlive-robustindextexlive-roextexlive-romanbartexlive-romanbarpagenumbertexlive-romandetexlive-romande-fontstexlive-romannegtexlive-romannumtexlive-rosariotexlive-rosario-fontstexlive-rotfloattexlive-rotpagestexlive-roundboxtexlive-roundrecttexlive-rputovertexlive-rrgtreestexlive-rsctexlive-rsfstexlive-rsfs-fontstexlive-rsfsotexlive-rterfacetexlive-rtkinenctexlive-rtklagetexlive-rubiktexlive-rubik-bintexlive-ruhyphentexlive-rulercompasstexlive-russtexlive-rutitlepagetexlive-rviewporttexlive-rvwritetexlive-ryethesistexlive-sa-tikztexlive-sageeptexlive-sanitize-umlauttexlive-sanskrittexlive-sanskrit-t1texlive-sanskrit-t1-fontstexlive-sansmathtexlive-sansmathaccenttexlive-sansmathfontstexlive-sansmathfonts-fontstexlive-sapthesistexlive-sasnrdisplaytexlive-sauerjtexlive-sautertexlive-sauterfontstexlive-savefnmarktexlive-savesymtexlive-savetreestexlive-scaletexlive-scalebartexlive-scalereltexlive-scanpagestexlive-scanpages-fontstexlive-schemabloctexlive-schematatexlive-schuletexlive-schulschriftentexlive-schwalbe-chesstexlive-scipostertexlive-sclang-prettifiertexlive-scratchtexlive-screenplaytexlive-screenplay-pkgtexlive-scrjrnltexlive-scrlttr2copytexlive-scsnowmantexlive-sdrttexlive-sduthesistexlive-secdottexlive-sectiontexlive-sectionboxtexlive-sectstytexlive-seealsotexlive-seetexktexlive-seetexk-bintexlive-selectptexlive-selnoligtexlive-semantictexlive-semantic-markuptexlive-semaphortexlive-semaphor-fontstexlive-seminartexlive-semionesidetexlive-semproctexlive-sepfootnotestexlive-sepnumtexlive-seqsplittexlive-serbian-apostrophetexlive-serbian-date-lattexlive-serbian-def-cyrtexlive-serbian-ligtexlive-sesamanueltexlive-sesstimetexlive-setdecktexlive-setspacetexlive-seuthesistexlive-seuthesixtexlive-sf298texlive-sffmstexlive-sfgtexlive-sfmathtexlive-sgametexlive-shadetexlive-shadethmtexlive-shadowtexlive-shadowtexttexlive-shapepartexlive-shapestexlive-shdoctexlive-shipunovtexlive-shorttoctexlive-show2etexlive-showcharinboxtexlive-showdimtexlive-showexpltexlive-showhyphenstexlive-showlabelstexlive-showtagstexlive-shuffletexlive-sidecaptexlive-sidenotestexlive-sidestexlive-signcharttexlive-silencetexlive-simple-resume-cvtexlive-simple-thesis-dissertationtexlive-simplecdtexlive-simplecvtexlive-simpler-wicktexlive-simplewicktexlive-simplified-latextexlive-simurghtexlive-sitemtexlive-siunitxtexlive-skaktexlive-skaknewtexlive-skaknew-fontstexlive-skbtexlive-skdoctexlive-skeycommandtexlive-skeyvaltexlive-skmathtexlive-skrapporttexlive-skulltexlive-slantsctexlive-slideshowtexlive-smalltableoftexlive-smartdiagramtexlive-smartreftexlive-smartunitstexlive-snapshottexlive-snoteztexlive-songbooktexlive-songstexlive-sort-by-letterstexlive-sotontexlive-soultexlive-souptexlive-sourcecodeprotexlive-sourcecodepro-fontstexlive-sourcesansprotexlive-sourcesanspro-fontstexlive-sourceserifprotexlive-sourceserifpro-fontstexlive-spaligntexlive-spanish-mxtexlive-sparklinestexlive-spath3texlive-spellingtexlive-sphdthesistexlive-spietexlive-splinestexlive-splitbibtexlive-splitindextexlive-splitindex-bintexlive-spottexlive-spotcolortexlive-spreadtabtexlive-spverbatimtexlive-sr-vorltexlive-srbook-memtexlive-srcltxtexlive-srcredacttexlive-srcredact-bintexlive-sseqtexlive-sslidestexlive-stacktexlive-stackenginetexlive-stagetexlive-standalonetexlive-stanlitexlive-starfonttexlive-starfont-fontstexlive-startextexlive-statextexlive-statex2texlive-statistiktexlive-stavestexlive-staves-fontstexlive-stdclsdvtexlive-stdpagetexlive-steinmetztexlive-stellenboschtexlive-stextexlive-stixtexlive-stix-fontstexlive-stmaryrdtexlive-stmaryrd-fontstexlive-storeboxtexlive-storecmdtexlive-stringstringstexlive-struktextexlive-sttoolstexlive-stubstexlive-studenthandoutstexlive-sty2dtxtexlive-sty2dtx-bintexlive-suanpantexlive-subdepthtexlive-subeqntexlive-subeqnarraytexlive-subfigtexlive-subfigmattexlive-subfiguretexlive-subfilestexlive-subfloattexlive-substancestexlive-substitutefonttexlive-substrtexlive-subsupscriptstexlive-sudokutexlive-sudokubundletexlive-suftesitexlive-sugconftexlive-superiorstexlive-superiors-fontstexlive-supertabulartexlive-susytexlive-svgtexlive-svg-inkscapetexlive-svgcolortexlive-svntexlive-svn-multitexlive-svn-multi-bintexlive-svn-provtexlive-svninfotexlive-svrsymbolstexlive-svrsymbols-fontstexlive-swebibtexlive-swimgraftexlive-syllogismtexlive-symboltexlive-symbol-fontstexlive-sympytexpackagetexlive-synctextexlive-synctex-bintexlive-synctex-develtexlive-synprooftexlive-syntaxtexlive-syntracetexlive-synttreetexlive-systemetexlive-t-anglestexlive-t2texlive-tabfigurestexlive-table-fcttexlive-tableauxtexlive-tablefootnotetexlive-tableoftexlive-tablestylestexlive-tabliststexlive-tablortexlive-tablstexlive-tabriz-thesistexlive-tabstackenginetexlive-tabto-generictexlive-tabto-ltxtexlive-tabutexlive-tabularbordertexlive-tabularcalctexlive-tabularewtexlive-tabulars-etexlive-tabularytexlive-tabvartexlive-tabvar-fontstexlive-taggingtexlive-tagpairtexlive-talktexlive-tamefloatstexlive-tamethebeasttexlive-taptexlive-tapirtexlive-tapir-fontstexlive-taskstexlive-tcldoctexlive-tcolorboxtexlive-tdclocktexlive-tdstexlive-tdsfrmathtexlive-technicstexlive-tedtexlive-templates-fenntexlive-templates-sommertexlive-templatetoolstexlive-temporatexlive-tempora-fontstexlive-tengwarscripttexlive-tensortexlive-termcaltexlive-termlisttexlive-termmenutexlive-testhyphenstexlive-testidxtexlive-tetextexlive-tetex-bintexlive-teubnertexlive-textexlive-tex-bintexlive-tex-ewdtexlive-tex-font-errors-cheatsheettexlive-tex-gyretexlive-tex-gyre-fontstexlive-tex-gyre-mathtexlive-tex-gyre-math-fontstexlive-tex-ini-filestexlive-tex-labeltexlive-tex-overviewtexlive-tex-pstexlive-tex-refstexlive-tex-virtual-academy-pltexlive-tex4ebooktexlive-tex4ebook-bintexlive-tex4httexlive-tex4ht-bintexlive-texapitexlive-texbytopictexlive-texconfigtexlive-texconfig-bintexlive-texcounttexlive-texcount-bintexlive-texdeftexlive-texdef-bintexlive-texdifftexlive-texdiff-bintexlive-texdirflattentexlive-texdirflatten-bintexlive-texdoctexlive-texdoc-bintexlive-texdrawtexlive-texfottexlive-texfot-bintexlive-texilikechapstexlive-texilikecovertexlive-texinfotexlive-texlive-commontexlive-texlive-cztexlive-texlive-detexlive-texlive-entexlive-texlive-estexlive-texlive-frtexlive-texlive-ittexlive-texlive-pltexlive-texlive-rutexlive-texlive-srtexlive-texlive-zh-cntexlive-texlive.infratexlive-texliveonflytexlive-texliveonfly-bintexlive-texloganalysertexlive-texloganalyser-bintexlive-texlogostexlive-texlua-develtexlive-texluajit-develtexlive-texmatetexlive-texmentstexlive-texosquerytexlive-texosquery-bintexlive-texpowertexlive-texproposaltexlive-texshadetexlive-texsistexlive-texsis-bintexlive-textcasetexlive-textfittexlive-textglostexlive-textgreektexlive-textmergtexlive-textopotexlive-textpathtexlive-textpostexlive-texvctexlive-texwaretexlive-texware-bintexlive-tfrupeetexlive-tfrupee-fontstexlive-thaienumtexlive-thalietexlive-theoremreftexlive-thesis-ekftexlive-thesis-titlepage-fhactexlive-thinsptexlive-thmboxtexlive-thmtoolstexlive-threadcoltexlive-threeddicetexlive-threeparttabletexlive-threeparttablextexlive-thumbtexlive-thumbpdftexlive-thumbpdf-bintexlive-thumbstexlive-thumbytexlive-thuthesistexlive-tickettexlive-ticollegetexlive-tietexlive-tie-bintexlive-tikz-3dplottexlive-tikz-bayesnettexlive-tikz-cdtexlive-tikz-dependencytexlive-tikz-dimlinetexlive-tikz-feynmantexlive-tikz-inettexlive-tikz-kalendertexlive-tikz-opmtexlive-tikz-opticstexlive-tikz-pagetexlive-tikz-palatticetexlive-tikz-qtreetexlive-tikz-timingtexlive-tikzincludetexlive-tikzmarktexlive-tikzorbitaltexlive-tikzpagenodestexlive-tikzpeopletexlive-tikzpfeiletexlive-tikzpostertexlive-tikzscaletexlive-tikzsymbolstexlive-timestexlive-times-fontstexlive-timetabletexlive-timing-diagramstexlive-tinostexlive-tinos-fontstexlive-tipatexlive-tipa-detexlive-tipa-fontstexlive-tipfrtexlive-titlecapstexlive-titlefoottexlive-titlepagestexlive-titlepictexlive-titlereftexlive-titlesectexlive-titlingtexlive-tkz-basetexlive-tkz-bergetexlive-tkz-doctexlive-tkz-euclidetexlive-tkz-fcttexlive-tkz-graphtexlive-tkz-kiviattexlive-tkz-linknodestexlive-tkz-ormtexlive-tkz-tabtexlive-tlc2texlive-tocbibindtexlive-tocdatatexlive-toclofttexlive-tocvsec2texlive-todotexlive-todonotestexlive-tokenizertexlive-toolboxtexlive-toolstexlive-topfloattexlive-toptesitexlive-totcounttexlive-totpagestexlive-tpic2pdftextexlive-tpic2pdftex-bintexlive-tpslifontstexlive-tqfttexlive-tracklangtexlive-trajantexlive-trajan-fontstexlive-tramtexlive-translation-array-frtexlive-translation-arsclassica-detexlive-translation-biblatex-detexlive-translation-chemsym-detexlive-translation-dcolumn-frtexlive-translation-ecv-detexlive-translation-enumitem-detexlive-translation-europecv-detexlive-translation-filecontents-detexlive-translation-moreverb-detexlive-translation-natbib-frtexlive-translation-tabbing-frtexlive-translationstexlive-tree-dvipstexlive-treetextexlive-trfsignstexlive-trigonometrytexlive-trimspacestexlive-trivfloattexlive-trsymtexlive-truncatetexlive-tsemlinestexlive-ttfutilstexlive-ttfutils-bintexlive-tucvtexlive-tudscrtexlive-tufte-latextexlive-tugboattexlive-tugboat-plaintexlive-tuitexlive-turabiantexlive-turabian-formattingtexlive-turkmentexlive-turnstiletexlive-turnthepagetexlive-twoinonetexlive-twouptexlive-txfontstexlive-txfonts-fontstexlive-txfontsbtexlive-txfontsb-fontstexlive-txgreekstexlive-txuprcaltexlive-txuprcal-fontstexlive-type1cmtexlive-typed-checklisttexlive-typefacetexlive-typehtmltexlive-typeoutfileinfotexlive-typeoutfileinfo-bintexlive-typiconstexlive-typicons-fontstexlive-typoaidtexlive-typogridtexlive-uaclassestexlive-uafthesistexlive-uantwerpendocstexlive-uassigntexlive-ucbthesistexlive-ucdavisthesistexlive-ucharcattexlive-ucharclassestexlive-ucstexlive-ucthesistexlive-udesoftectexlive-uebungsblatttexlive-uestcthesistexlive-uhctexlive-uhc-fontstexlive-uhhassignmenttexlive-uhrzeittexlive-uiucredbordertexlive-uiucthesistexlive-ukrhyphtexlive-ulemtexlive-ulqdatexlive-ulqda-bintexlive-ulthesetexlive-umbclegislationtexlive-umich-thesistexlive-umltexlive-umlautetexlive-umolinetexlive-umthesistexlive-umtypewritertexlive-umtypewriter-fontstexlive-unamth-templatetexlive-unamthesistexlive-undergradmathtexlive-underlintexlive-underoverlaptexlive-underscoretexlive-undolabltexlive-unfonts-coretexlive-unfonts-core-fontstexlive-unfonts-extratexlive-unfonts-extra-fontstexlive-uni-wtal-gertexlive-uni-wtal-lintexlive-unicode-biditexlive-unicode-datatexlive-unicode-mathtexlive-unisugartexlive-unitstexlive-unitsdeftexlive-universatexlive-universalistexlive-universalis-fontstexlive-unraveltexlive-unswcovertexlive-uothesistexlive-uowthesistexlive-uowthesistitlepagetexlive-upcatexlive-updmap-maptexlive-uplatextexlive-uplatex-bintexlive-upmethodologytexlive-uppunctlmtexlive-upquotetexlive-uptextexlive-uptex-basetexlive-uptex-bintexlive-uptex-fontstexlive-urclstexlive-uritexlive-urltexlive-urlbsttexlive-urlbst-bintexlive-urwchancaltexlive-usebibtexlive-ushorttexlive-uspacetexlive-uspatenttexlive-ut-thesistexlive-utf8mextexlive-utopiatexlive-utopia-fontstexlive-uwmslidetexlive-uwthesistexlive-vaktexlive-vancouvertexlive-variablelmtexlive-variationstexlive-varindextexlive-varisizetexlive-varsfromjobnametexlive-varwidthtexlive-vaucanson-gtexlive-vdmlistingtexlive-velthuistexlive-velthuis-bintexlive-velthuis-fontstexlive-venntexlive-venndiagramtexlive-venturisadftexlive-venturisadf-fontstexlive-verbaseftexlive-verbatimboxtexlive-verbatimcopytexlive-verbdeftexlive-verbmentstexlive-versetexlive-versiontexlive-versionstexlive-versonotestexlive-vertbarstexlive-vgridtexlive-vhistorytexlive-visualfaqtexlive-visualpstrickstexlive-visualtikztexlive-vlnatexlive-vlna-bintexlive-vmargintexlive-vntextexlive-vntex-fontstexlive-vocaltracttexlive-volumestexlive-voss-mathcoltexlive-vpetexlive-vpe-bintexlive-vrulertexlive-vwcoltexlive-wadalabtexlive-wadalab-fontstexlive-wallpapertexlive-warningtexlive-warpcoltexlive-wastexlive-wasytexlive-wasy2-pstexlive-wasy2-ps-fontstexlive-wasysymtexlive-webtexlive-web-bintexlive-webguidetexlive-widetabletexlive-williamstexlive-withargstexlive-wnritexlive-wnri-latextexlive-wordcounttexlive-wordliketexlive-wrapfigtexlive-wsemclassictexlive-wsuipatexlive-wtreftexlive-xargstexlive-xassoccnttexlive-xchartertexlive-xcharter-fontstexlive-xcitetexlive-xcjk2unitexlive-xcntperchaptexlive-xcolortexlive-xcolor-materialtexlive-xcolor-solarizedtexlive-xcommenttexlive-xcookybookytexlive-xdoctexlive-xduthesistexlive-xdvitexlive-xdvi-bintexlive-xebapostertexlive-xecjktexlive-xecolortexlive-xecyrtexlive-xeindextexlive-xellipsistexlive-xepersiantexlive-xesearchtexlive-xespotcolortexlive-xetextexlive-xetex-bintexlive-xetex-devanagaritexlive-xetex-itranstexlive-xetex-pstrickstexlive-xetex-tibetantexlive-xetexconfigtexlive-xetexfontinfotexlive-xetexkotexlive-xetexreftexlive-xevlnatexlive-xfortexlive-xgreektexlive-xhfilltexlive-xifthentexlive-xiitexlive-xinttexlive-xitstexlive-xits-fontstexlive-xkeyvaltexlive-xloptexlive-xltxtratexlive-xmltextexlive-xmltex-bintexlive-xmltexconfigtexlive-xmpincltexlive-xnewcommandtexlive-xoptargtexlive-xpatchtexlive-xpeektexlive-xpianotexlive-xpicturetexlive-xpinyintexlive-xprintlentexlive-xpunctuatetexlive-xqtexlive-xsaveboxtexlive-xsimtexlive-xskaktexlive-xstringtexlive-xtabtexlive-xunicodetexlive-xwatermarktexlive-xylingtexlive-xymtextexlive-xypictexlive-xypic-fontstexlive-xypic-tut-pttexlive-xytreetexlive-yafoottexlive-yagusylotexlive-yalettertexlive-yannisgrtexlive-yathesistexlive-yaxtexlive-ycbooktexlive-ydoctexlive-yfontstexlive-yfonts-t1texlive-yfonts-t1-fontstexlive-yhmathtexlive-yhmath-fontstexlive-yinit-otftexlive-yinit-otf-fontstexlive-york-thesistexlive-youngtabtexlive-yplantexlive-yplan-bintexlive-ytableautexlive-zapfchantexlive-zapfchan-fontstexlive-zapfdingtexlive-zapfding-fontstexlive-zed-csptexlive-zhmetricstexlive-zhmetrics-uptextexlive-zhnumbertexlive-zhspacingtexlive-ziffertexlive-zlmtttexlive-zwgetfdatetexlive-zwpagelayouttexlive-zxjafbfonttexlive-zxjafonttexlive-zxjatypeliblouis-dataliblouis-develliblouis14python3-louislibmad-devellibmad0libmicrohttpd-devellibmicrohttpd12libmms-devellibmms0libmodplug-devellibmodplug1libopenmpt-devellibopenmpt0libopenmpt_modplug1libmp3lame-devellibmp3lame0libmpg123-0libout123-0mpg123mpg123-develmpg123-pulselibndp-devellibndp0libnm-gtk-devellibnm-gtk0libnma-devellibnma0nma-datatypelib-1_0-NMA-1_0typelib-1_0-NMGtk-1_0libopenjpeg1openjpeg-devellibopus-devellibpango-1_0-0-32bitlibpcre2-posix2pcre2-devellibplist++-devellibplist++3libplist-devellibplist3libpotrace0libquicktimelibquicktime-devellibquicktime0libraptor-devellibraptor2-0raptorlibrsvg-develtypelib-1_0-Rsvg-2_0libsmi-devellibsoup-develtypelib-1_0-Soup-2_4libsrtp-devellibsrtp1libtag-devellibtag_c0libthai-devellibthai0-32bitlibtiff5-32bitlibusbmuxd-devellibusbmuxd4libvdpau-devellibvdpau1libvpx-devellibxcb-render0-32bitlibxcb-shm0-32bitlibyaml-cpp0_6yaml-cpp-develnewt-developen-vm-tools-desktopperl-CGIperl-File-Pathperl-MIME-Charsetperl-Tkpppppp-develpulseaudiopulseaudio-bash-completionpulseaudio-esound-compatpulseaudio-gdm-hookspulseaudio-langpulseaudio-module-gconfpulseaudio-module-x11pulseaudio-module-zeroconfpulseaudio-utilspulseaudio-zsh-completionpython-tkpython3-bottlepython3-cupshelperssystem-config-printer-commonsystem-config-printer-common-langsystem-config-printer-dbus-serviceudev-configure-printerrtkitsane-backendssane-backends-autoconfigsane-backends-develspice-vdagenttypelib-1_0-JavaScriptCore-4_0typelib-1_0-WebKit2-4_0typelib-1_0-WebKit2WebExtension-4_0webkit2gtk3-develvinovino-langvorbis-toolsvorbis-tools-langwavpackwavpack-develwireshark-develwireshark-ui-qtImageMagick-config-7-SUSEflatpak-zsh-completiongvfsgvfs-backend-afcgvfs-backend-sambagvfs-backendsgvfs-develgvfs-fusegvfs-langlibSDL-1_2-0libSDL-devellibSoundTouch0soundtouch-devellibgxps-devellibgxps2typelib-1_0-GXPS-0_1libnetpbm-develFastCGIFastCGI-devellibfcgi0perl-FastCGIsle-module-development-tools-releaseaaa_base-malloccheckantant-antlrant-apache-bcelant-apache-bsfant-apache-log4jant-apache-oroant-apache-regexpant-apache-resolverant-commons-loggingant-javamailant-jdependant-jmfant-junitant-manualant-scriptsant-swingapache-pdfboxbinutils-devel-32bitbsdtarbsh2bsh2-classgenbsh2-javadocbuildbuild-mkbaselibscheckbashismscrashcrash-develcrash-kmp-defaultctagscups-ddkcvsdpkgdpkg-develgitgit-archgit-cvsgit-daemongit-docgit-emailgit-guigit-svngit-webgitkglibc-devel-32bitglibc-devel-staticglibc-utilsguileguile-develguile-modules-2_0libguile-2_0-22libguilereadline-v-18-18jythonkernel-docskernel-obs-buildkernel-sourcekernel-symskernel-vanilla-baselibgit2-26libgit2-devellibpcp-devellibpcp3libpcp_gui2libpcp_import1libpcp_mmv1libpcp_trace2libpcp_web1pcppcp-confpcp-develpcp-docpcp-import-iostat2pcppcp-import-mrtg2pcppcp-import-sar2pcpperl-PCP-LogImportperl-PCP-LogSummaryperl-PCP-MMVperl-PCP-PMDApython-pcplibtidy-devellibtidy5tidylibtool-32bitmercurialnasmocamlocaml-compiler-libsocaml-compiler-libs-develocaml-rpm-macrosocaml-runtimeocaml-libguestfs-developenldap2-devel-32bitpam-devel-32bitperl-Archive-Extractperl-ExtUtils-MakeMakerperl-Module-Load-Conditionalperl-Config-IniFilesperl-DNS-LDNSperl-Net-Libproxyperl-PerlMagickperl-Tk-develperl-YAML-LibYAMLperl-docpython3-toolssubversion-bash-completionsubversion-perlsubversion-pythonsubversion-toolssystemtapsystemtap-runtimesystemtap-sdt-develsystemtap-serverxorg-x11-server-sdkzlib-devel-32bitblktracecargoclippyrlsrustrust-analysisrust-srcrust-std-staticrustfmtncurses-devel-32bitocaml-ocamldocoscperl-Mail-SpamAssassin-Plugin-iXhash2rpm-buildlibpmi0libslurm32perl-slurmslurmslurm-auth-noneslurm-configslurm-develslurm-docslurm-luaslurm-mungeslurm-nodeslurm-pam_slurmslurm-pluginsslurm-slurmdbdslurm-sqlslurm-torquesle-module-hpc-releasepython2-numpy-gnu-hpcpython2-numpy-gnu-hpc-develpython2-numpy_1_14_0-gnu-hpcpython2-numpy_1_14_0-gnu-hpc-develpython3-numpy-gnu-hpcpython3-numpy-gnu-hpc-develpython3-numpy_1_14_0-gnu-hpcpython3-numpy_1_14_0-gnu-hpc-devellibslurm33slurm-config-mangvsle-module-legacy-releasejava-1_8_0-ibmjava-1_8_0-ibm-alsajava-1_8_0-ibm-develjava-1_8_0-ibm-pluginjava-1_8_0-openjdkjava-1_8_0-openjdk-demojava-1_8_0-openjdk-develjava-1_8_0-openjdk-headlesslibopenssl-1_0_0-devellibopenssl1_0_0openssl-1_0_0ntpopenldap2openldap2-back-metaopenldap2-back-perlpam-modulespam-modules-32bitreiserfs-kmp-defaultlibncurses5libncurses5-32bitncurses5-develkernel-default-livepatchsle-module-live-patching-releaseapache2-mod_wsgiapache2-mod_wsgi-python3sle-module-public-cloud-releasepython3-keystoneclientaws-clirmt-server-pubcloudclamsapsle-module-sap-applications-release389-ds389-ds-develsle-module-server-applications-releaseapache2apache2-develapache2-docapache2-preforkapache2-utilsapache2-workerapache2-mod_apparmorapache2-mod_jkapache2-mod_nssapache2-mod_security2bindbind-chrootenvbind-doccyrus-sasl-sqlauxpropdavfs2dhcp-relaydhcp-serverdovecot23dovecot23-backend-mysqldovecot23-backend-pgsqldovecot23-backend-sqlitedovecot23-develdovecot23-ftsdovecot23-fts-lucenedovecot23-fts-solrdovecot23-fts-squatdpdkdpdk-develdpdk-kmp-defaultdpdk-toolslibdpdk-17_11-0freeradius-serverfreeradius-server-develfreeradius-server-krb5freeradius-server-ldapfreeradius-server-libsfreeradius-server-mysqlfreeradius-server-perlfreeradius-server-postgresqlfreeradius-server-pythonfreeradius-server-sqlitefreeradius-server-utilsgnuplotgnuplot-docgrub2-x86_64-xengtk-vnc-devellibgvncpulse-1_0-0typelib-1_0-GVnc-1_0typelib-1_0-GVncPulse-1_0typelib-1_0-GtkVnc-1_0typelib-1_0-GtkVnc-2_0guestfs-dataguestfs-toolsguestfs-winsupportguestfsdlibguestfs-devellibguestfs0perl-Sys-Guestfspython3-libguestfsvirt-v2vkrb5-plugin-kdb-ldapkrb5-serverlibapr-util1-dbd-mysqllibapr-util1-dbd-pgsqllibapr-util1-dbd-sqlite3libcacard-devellibcacard0libecpg6postgresql10-contribpostgresql10-develpostgresql10-docspostgresql10-plperlpostgresql10-plpythonpostgresql10-pltclpostgresql10-serverlibfpm_pb0libospf0libospfapiclient0libquagga_pb0libzebra1quaggaquagga-devellibmysqld-devellibmysqld19mariadbmariadb-clientmariadb-errormessagesmariadb-toolslibopenvswitch-2_8-0openvswitchopenvswitch-devellibrelp-devellibrelp0libsaml-devellibsaml9opensaml-schemaslibshibsp-lite7libshibsp7shibboleth-spshibboleth-sp-devellibspice-server-devellibspice-server1libupsclient1nutnut-develnut-drivers-netlibvirglrenderer0virglrenderer-devellibvirtlibvirt-adminlibvirt-clientlibvirt-daemonlibvirt-daemon-config-networklibvirt-daemon-config-nwfilterlibvirt-daemon-driver-interfacelibvirt-daemon-driver-libxllibvirt-daemon-driver-lxclibvirt-daemon-driver-networklibvirt-daemon-driver-nodedevlibvirt-daemon-driver-nwfilterlibvirt-daemon-driver-qemulibvirt-daemon-driver-secretlibvirt-daemon-driver-storagelibvirt-daemon-driver-storage-corelibvirt-daemon-driver-storage-disklibvirt-daemon-driver-storage-iscsilibvirt-daemon-driver-storage-logicallibvirt-daemon-driver-storage-mpathlibvirt-daemon-driver-storage-rbdlibvirt-daemon-driver-storage-scsilibvirt-daemon-hookslibvirt-daemon-lxclibvirt-daemon-qemulibvirt-daemon-xenlibvirt-devellibvirt-doclibvirt-lock-sanlocklibvirt-nsslibwsman-devellibwsman3openwsman-serverlibxmltooling-devellibxmltooling7xmltooling-schemasmemcachedmemcached-develnginxopenslp-serveropenssh-fipspostgresql-contribpostgresql-develpostgresql-docspostgresql-plperlpostgresql-plpythonpostgresql-pltclpostgresql-serverpython3-pywbemqemuqemu-block-curlqemu-block-iscsiqemu-block-rbdqemu-block-sshqemu-guest-agentqemu-ipxeqemu-kvmqemu-langqemu-seabiosqemu-sgabiosqemu-vgabiosqemu-x86rarpdrsyslog-module-gssapirsyslog-module-mysqlrsyslog-module-pgsqlrsyslog-module-relprsyslog-module-snmprsyslog-module-udpspoofsalt-apisalt-cloudsalt-fish-completionsalt-mastersalt-proxysalt-sshsalt-syndicsblim-sfcbskopeospice-gtk-develtypelib-1_0-SpiceClientGlib-2_0typelib-1_0-SpiceClientGtk-3_0squidstunnelsubversion-serveruuiddvsftpdxenxen-develxen-toolslibdpdk-18_11libfreebl3-hmaclibsoftokn3-hmaclibvirt-bash-completionnginx-sourceovmfovmf-toolsqemu-ovmf-x86_64qemu-audio-alsaqemu-audio-ossqemu-audio-paqemu-ppcqemu-s390qemu-ui-cursesqemu-ui-gtkrmt-serverrsyslog-module-gtlssysstat-isagyast2-rmtapache-commons-beanutilssle-module-web-scripting-releaseapache-commons-daemonapache2-mod_php7php7php7-bcmathphp7-bz2php7-calendarphp7-ctypephp7-curlphp7-dbaphp7-develphp7-domphp7-enchantphp7-exifphp7-fastcgiphp7-fileinfophp7-fpmphp7-ftpphp7-gdphp7-gettextphp7-gmpphp7-iconvphp7-intlphp7-jsonphp7-ldapphp7-mbstringphp7-mysqlphp7-odbcphp7-opcachephp7-opensslphp7-pcntlphp7-pdophp7-pearphp7-pear-Archive_Tarphp7-pgsqlphp7-pharphp7-posixphp7-shmopphp7-snmpphp7-soapphp7-socketsphp7-sqlitephp7-sysvmsgphp7-sysvsemphp7-sysvshmphp7-tokenizerphp7-wddxphp7-xmlreaderphp7-xmlrpcphp7-xmlwriterphp7-xslphp7-zipphp7-zlibjakarta-commons-fileuploadjakarta-taglibs-standardnodejs8nodejs8-develnodejs8-docsnpm8tomcattomcat-admin-webappstomcat-el-3_0-apitomcat-jsp-2_3-apitomcat-libtomcat-servlet-4_0-apitomcat-webappsxalan-j2nodejs10nodejs10-develnodejs10-docsnpm10MozillaThunderbirdMozillaThunderbird-develMozillaThunderbird-translations-commonMozillaThunderbird-translations-othersle-we-releaseNetworkManager-appletNetworkManager-applet-langNetworkManager-connection-editorNetworkManager-langPackageKit-gstreamer-pluginPackageKit-gtk3-moduleargyllcmsbluez-cupsbogofilter-commonbogofilter-dbcolordcolord-gtk-langcolord-langdiadia-langenigmailfreerdpfreerdp-devellibfreerdp2libwinpr2winpr2-develgegl-0_3gegl-0_3-langgegl-devellibgegl-0_3-0typelib-1_0-Gegl-0_3gimpgimp-develgimp-langgimp-plugins-pythonlibgimp-2_0-0libgimpui-2_0-0gnome-online-accountsgnome-online-accounts-langgnome-photosgnome-photos-langgnome-shell-search-provider-gnome-photosgnome-shell-calendargstreamer-plugins-uglygstreamer-plugins-ugly-langicedtea-webimobiledevice-toolskernel-default-extralibavcodec-devellibavformat-devellibavformat57libavresample-devellibavresample3libgadu-devellibgadu3libmwaw-0_3-3libopencv3_3opencvopencv-devellibotr-devellibotr5libproxy1-config-gnome3libproxy1-networkmanagerlibpskc-devellibpskc0libpurplelibpurple-branding-upstreamlibpurple-devellibpurple-langlibpurple-plugin-sametimepidginpidgin-devellibraw-devellibraw16libreofficelibreoffice-baselibreoffice-base-drivers-mysqllibreoffice-base-drivers-postgresqllibreoffice-branding-upstreamlibreoffice-calclibreoffice-calc-extensionslibreoffice-drawlibreoffice-filters-optionallibreoffice-gnomelibreoffice-gtk3libreoffice-icon-themeslibreoffice-impresslibreoffice-l10n-aflibreoffice-l10n-arlibreoffice-l10n-aslibreoffice-l10n-bglibreoffice-l10n-bnlibreoffice-l10n-brlibreoffice-l10n-calibreoffice-l10n-cslibreoffice-l10n-cylibreoffice-l10n-dalibreoffice-l10n-delibreoffice-l10n-dzlibreoffice-l10n-ellibreoffice-l10n-enlibreoffice-l10n-eolibreoffice-l10n-eslibreoffice-l10n-etlibreoffice-l10n-eulibreoffice-l10n-falibreoffice-l10n-filibreoffice-l10n-frlibreoffice-l10n-galibreoffice-l10n-gllibreoffice-l10n-gulibreoffice-l10n-helibreoffice-l10n-hilibreoffice-l10n-hrlibreoffice-l10n-hulibreoffice-l10n-itlibreoffice-l10n-jalibreoffice-l10n-kklibreoffice-l10n-knlibreoffice-l10n-kolibreoffice-l10n-ltlibreoffice-l10n-lvlibreoffice-l10n-mailibreoffice-l10n-mllibreoffice-l10n-mrlibreoffice-l10n-nblibreoffice-l10n-nllibreoffice-l10n-nnlibreoffice-l10n-nrlibreoffice-l10n-nsolibreoffice-l10n-orlibreoffice-l10n-palibreoffice-l10n-pllibreoffice-l10n-pt_BRlibreoffice-l10n-pt_PTlibreoffice-l10n-rolibreoffice-l10n-rulibreoffice-l10n-silibreoffice-l10n-sklibreoffice-l10n-sllibreoffice-l10n-srlibreoffice-l10n-sslibreoffice-l10n-stlibreoffice-l10n-svlibreoffice-l10n-talibreoffice-l10n-telibreoffice-l10n-thlibreoffice-l10n-tnlibreoffice-l10n-trlibreoffice-l10n-tslibreoffice-l10n-uklibreoffice-l10n-velibreoffice-l10n-xhlibreoffice-l10n-zh_CNlibreoffice-l10n-zh_TWlibreoffice-l10n-zulibreoffice-mailmergelibreoffice-mathlibreoffice-officebeanlibreoffice-pyunolibreoffice-writerlibreoffice-writer-extensionslibreofficekitlibstaroffice-0_0-0libvncclient0libwmf-0_2-7libwmf-devellibwmf-gnomelibwpd-0_10-10libwpd-developenconnectopenconnect-developenconnect-langpidgin-plugin-otrpidgin-plugin-otr-langpulseaudio-module-bluetoothpulseaudio-module-lirctransfigxorg-x11-server-waylandlibntfs-3g87ntfs-3gntfsprogslibsolvlibsolv-toolslibyui-ncurses-pkglibyui-ncurses-pkg8libyui-qt-pkglibyui-qt-pkg8yast2-pkg-bindingscairotifflibvorbislibgcryptpython-rpmpython2-rpmpython3-rpmwebkit2gtk3libsndfileyast2-ftp-serverlibsolv-develpython-solvspice-gtkpangolibX11libxml2python-libxml2-pythonlibsshzziplibpam_pkcs11pam_pkcs11-32bitpython-cryptographypython2-cryptographylcms2libarchivemyspell-demyspell-de_DEmyspell-dictionariesmyspell-enmyspell-en_USmyspell-esmyspell-es_ESmyspell-hu_HUmyspell-lightproof-enmyspell-lightproof-hu_HUmyspell-lightproof-pt_BRmyspell-lightproof-ru_RUmyspell-nb_NOmyspell-nomyspell-pt_BRmyspell-romyspell-ro_ROmyspell-ru_RUlibxkbcommonglib2ncurseslibnettlejasperavahi-glib2gamin-develldblibavahi-glib-devellibavahi-glib1libavahi-gobject0libavahi-ui-gtk3-0libavahi-ui0libfam0-gaminlibfam0-gamin-32bitlibgamin-1-0libp11-kit0libp11-kit0-32bitlibsmbclient0-32bitlibtalloc-devellibtalloc2libtalloc2-32bitlibtdb-devellibtdb1libtdb1-32bitlibtevent-devellibtevent0libtevent0-32bitp11-kitp11-kit-develp11-kit-nss-trustp11-kit-toolspython-tallocpython-talloc-develpython3-tallocpython3-talloc-develsamba-client-32bittalloctalloc-mantdbtdb-toolsteventtevent-mantypelib-1_0-Avahi-0_6libssh2_orgzeromqpython-Jinja2libxsltgraphvizgraphviz-develgraphviz-plugins-corelibgraphviz6nmaplibu2f-hostlibu2f-host-devellibu2f-host0system-user-roottagliblibpng16python-paramikopam_u2flibruby2_5-2_5ruby2.5ruby2.5-develruby2.5-devel-extraruby2.5-stdliblibfreebl3-hmac-32bitlibsoftokn3-hmac-32bitlibmariadb3libmariadbprivatemariadb-connector-clibyui-ncurses-pkg-devellibyui-ncurses-pkg-doclibyui-qt-pkg-docpython-Werkzeugpython3-Werkzeugpython-urllib3python-numpynghttp2u-bootu-boot-rpi3u-boot-toolslibqt5-qtbasepython-magicpython2-magiccephpython-Flaskpython3-FlasklibQt5Svg5libqt5-qtsvglibqt5-qtsvg-devellibjpeg-turbolibjpeg62-turbolibmspackflacxerces-clibsouppython-requestslibcontainers-commonpython-SQLAlchemypython3-SQLAlchemycf-clisle-module-cap-tools-releasegolang-github-docker-libnetworkhelm-mirrorfuse-overlayfsfuse3libfuse3-3slirp4netnsbuildahexiv2libopenmptlibcdioffmpegMozillaFirefox-branding-SLElibspectrelibspectre-devellibspectre1soundtouchaudiofileopenssh-askpass-gnomeImageMagick-config-7-upstreamavahi-utils-gtklibavahi-gobject-develexempiSDL2openexrlibyui-qt-pkg-develibusibus-develibus-gtkibus-gtk3ibus-langlibibus-1_0-5python-ibustypelib-1_0-IBus-1_0djvulibrelibdjvulibre-devellibdjvulibre21libqt5-qtimageformatslibqt5-qtimageformats-devellibqt5-qtsvg-private-headers-devellibgxpsliblouisSDLlttng-moduleslttng-modules-kmp-defaultglibc-utils-srckernel-vanillalibgit2perl-solvpython3-solvruby-solvrust-stdgraphviz-addonsgraphviz-perlperl-Switchrust-gdbpython3-magictomcat-docs-webapptomcat-embedtomcat-javadoctomcat-jsvcsle-module-development-tools-obs-releasebinutils-goldcross-arm-binutilscross-avr-binutilscross-epiphany-binutilscross-hppa-binutilscross-hppa64-binutilscross-i386-binutilscross-ia64-binutilscross-m68k-binutilscross-mips-binutilscross-ppc-binutilscross-ppc64-binutilscross-riscv64-binutilscross-rx-binutilscross-s390-binutilscross-sparc-binutilscross-sparc64-binutilscross-spu-binutilskernel-docs-htmlkernel-obs-qakselftests-kmp-defaultffmpeg-private-devellibavdevice-devellibavdevice57libavfilter-devellibavfilter6curl-minilibcurl-mini-devellibcurl4-minilibsystemd0-minilibudev-mini-devellibudev-mini1nss-myhostnamenss-mymachinesnss-systemdsystemd-loggersystemd-minisystemd-mini-bash-completionsystemd-mini-container-minisystemd-mini-coredump-minisystemd-mini-develsystemd-mini-sysvinitudev-miniMozillaFirefox-branding-upstreamlibepubgenlibepubgen-devel-docliblangtagliblangtag-doclibmwawlibmwaw-devellibmwaw-devel-doclibmwaw-toolslibstarofficelibstaroffice-devellibstaroffice-devel-doclibstaroffice-toolslibwpslibwps-toolslibxmlsec1-gcrypt1libxmlsec1-gnutls1libxmlsec1-openssl1myspell-af_NAmyspell-anmyspell-an_ESmyspell-ar_AEmyspell-ar_BHmyspell-ar_DZmyspell-ar_EGmyspell-ar_IQmyspell-ar_JOmyspell-ar_KWmyspell-ar_LBmyspell-ar_LYmyspell-ar_MAmyspell-ar_OMmyspell-ar_QAmyspell-ar_SAmyspell-ar_SDmyspell-ar_SYmyspell-ar_TNmyspell-ar_YEmyspell-be_BYmyspell-bn_INmyspell-bomyspell-bo_CNmyspell-bo_INmyspell-bsmyspell-bs_BAmyspell-ca_ADmyspell-ca_ESmyspell-ca_ES_valenciamyspell-ca_FRmyspell-ca_ITmyspell-de_ATmyspell-de_CHmyspell-en_AUmyspell-en_BSmyspell-en_BZmyspell-en_CAmyspell-en_GBmyspell-en_GHmyspell-en_IEmyspell-en_INmyspell-en_JMmyspell-en_MWmyspell-en_NAmyspell-en_NZmyspell-en_PHmyspell-en_TTmyspell-en_ZAmyspell-en_ZWmyspell-es_ARmyspell-es_BOmyspell-es_CLmyspell-es_COmyspell-es_CRmyspell-es_CUmyspell-es_DOmyspell-es_ECmyspell-es_GTmyspell-es_HNmyspell-es_MXmyspell-es_NImyspell-es_PAmyspell-es_PEmyspell-es_PRmyspell-es_PYmyspell-es_SVmyspell-es_UYmyspell-es_VEmyspell-fr_BEmyspell-fr_CAmyspell-fr_CHmyspell-fr_LUmyspell-fr_MCmyspell-gd_GBmyspell-gl_ESmyspell-gugmyspell-gug_PYmyspell-ismyspell-is_ISmyspell-kmr_Latnmyspell-kmr_Latn_SYmyspell-kmr_Latn_TRmyspell-lo_LAmyspell-ne_NPmyspell-nl_BEmyspell-nn_NOmyspell-oc_FRmyspell-pt_AOmyspell-sq_ALmyspell-sr_CSmyspell-sr_Latn_CSmyspell-sr_Latn_RSmyspell-sr_RSmyspell-sv_FImyspell-sw_TZmyspell-temyspell-vimyspell-vi_VNxmlsec1xmlsec1-gcrypt-develxmlsec1-gnutls-develxmlsec1-openssl-develxorg-x11-server-sourceopenssh-cavsopenssl-1_1-doclibwpdlibwpd-devel-doclibwpd-toolsgio-branding-upstreamglib2-devel-staticlibgio-famqemu-block-dmgqemu-extraqemu-linux-userruby2.5-rubygem-loofah-docruby2.5-rubygem-loofah-testsuiterubygem-loofahpostgresql10-testruby2.5-rubygem-activejob-doc-5_1rubygem-activejob-5_1libopenssl1_0_0-hmaclibopenssl1_0_0-steamopenssl-1_0_0-cavsopenssl-1_0_0-docctdb-pcp-pmdactdb-testssamba-docsamba-pythonsamba-testghostscript-minighostscript-mini-develnettlebluez-auto-enable-devicesbluez-testgit-credential-gnome-keyringgit-credential-libsecretgit-p4containerd-ctrcontainerd-testdocker-runc-testdocker-testdocker-zsh-completiongogo-docgo1.10go1.10-docgolang-packagingdom4jdom4j-demodom4j-javadocdom4j-manuallibntfs-3g-develntfs-3g_ntfsprogsntfsprogs-extraImageMagick-docImageMagick-extragnutls-guileldb-toolslibnettle-devel-32bitpython-avahipython-avahi-gtkpython-tdbpython-teventpython3-tdbpython3-teventjava-11-openjdk-accessibilityjava-11-openjdk-javadocjava-11-openjdk-jmodsjava-11-openjdk-srcfreeradius-server-docruby2.5-rubygem-actionpack-doc-5_1rubygem-actionpack-5_1zeromq-toolssqlite3-docwebkit-jsc-4python-Jinja2-emacspython-Jinja2-vimbzip2-doc389-ds-snmpjava-1_8_0-openjdk-accessibilityjava-1_8_0-openjdk-javadocjava-1_8_0-openjdk-srcjakarta-commons-fileupload-javadoclibxslt-pythongo1.11go1.11-docgo1.12go1.12-docevolutionglade-catalog-evolutiongraphviz-docgraphviz-gnomegraphviz-guilegraphviz-gveditgraphviz-javagraphviz-luagraphviz-phpgraphviz-rubygraphviz-smyrnawireshark-plugin-libvirtncatndiffnpingzenmaplibrawlibraw-devel-staticlibraw-toolslibu2f-host-docu2f-hostpython3-docpython3-testsuiteNetworkManager-branding-upstreamaxis-manualcronie-anacronlibpng16-toolsbind-lwresdgnome-shell-browser-pluginphp7-embedphp7-readlinephp7-sodiumphp7-tidylibnfsidmap-ssspython3-ipa_hbacpython3-sss-murmurpython3-sss_nss_idmapsssd-winbind-idmappolkit-docdbus-1-devel-docexempi-toolsevince-plugin-comicsdocumentpython-Twistedpython-Twisted-docpython2-Twistedpython3-Twistedpython-paramiko-dockrb5-minikrb5-mini-develruby2.5-docruby2.5-doc-rilibpq5-32bitlibgcrypt-cavsglibc-htmllibixionlibixion-devellibixion-toolsliborcusliborcus-toolsmdds-1_4mdds-1_4-develpython3-libixionpython3-liborcuslibsvn_auth_gnome_keyring-1-0subversion-python-ctypessubversion-rubyopenexr-doclibopenssl-1_1-devel-32bitmariadb-benchmariadb-galeramariadb-testPackageKit-branding-upstreamlibsolv-demolibzypp-devel-docyast2-pkg-bindings-devel-doczypper-aptitudeicedtea-web-javadocpython-demopython-docpython-doc-pdfpython-idlepython-SQLAlchemy-docpython2-SQLAlchemyapache2-eventapache2-example-pagesapache-commons-beanutils-javadocliburiparser1uriparseruriparser-develpython-Werkzeug-docpython2-Werkzeuggolang-github-prometheus-alertmanagergolang-github-prometheus-prometheuspython2-rhnlibrhnlibspacecmdspacewalk-backendspacewalk-backend-appspacewalk-backend-appletspacewalk-backend-cdnspacewalk-backend-config-filesspacewalk-backend-config-files-commonspacewalk-backend-config-files-toolspacewalk-backend-issspacewalk-backend-iss-exportspacewalk-backend-libsspacewalk-backend-package-push-serverspacewalk-backend-serverspacewalk-backend-sqlspacewalk-backend-sql-oraclespacewalk-backend-sql-postgresqlspacewalk-backend-toolsspacewalk-backend-xml-export-libsspacewalk-backend-xmlrpcpython3-ibuslibfdisk-devel-staticlibmount-devel-staticlibsmartcols-devel-staticpython-libmountlibldap-dataopenldap2-back-sockopenldap2-back-sqlopenldap2-contribopenldap2-docopenldap2-ppolicy-check-passwordopenmpt123rust-cbindgenrust-docdjvulibre-doclua53-docnghttp2-pythonpython3-nghttp2LibVNCServerLibVNCServer-devellibvncserver0vim-plugin-nginxbuild-mkdrpmslibQt5Bootstrap-devel-staticlibqt5-qtbase-examplesgdm-branding-upstreamfreerdp-serverfreerdp-waylandlibuwac0-0uwac0-0-develobs-service-appimageobs-service-obs_scmobs-service-obs_scm-commonobs-service-snapcraftobs-service-tarobs-service-tar_scmceph-baseceph-fuseceph-mdsceph-mgrceph-monceph-osdceph-radosgwceph-resource-agentsrbd-fuserbd-mirrorrbd-nbdpython-azure-agentpython-azure-agent-testlibwsman_clientpp-devellibwsman_clientpp1openwsmanopenwsman-javaopenwsman-perlopenwsman-rubyopenwsman-ruby-docsopenwsman-server-plugin-rubypython3-openwsmanwinrspython2-Flaskpython2-Flask-docpython3-Flask-doclibqt5-qtsvg-examplesunzip-doclibgxps-toolsmspack-toolscaca-utilslibcacalibcaca-rubypython3-cacantp-docliblouis-docliblouis-toolsflac-doctar-backup-scriptstar-doctar-testsaudiofile-docslurm-openlavaslurm-seffslurm-sjstatslurm-sviewxerces-c-doclibbz2-devel-32bitlibxslt-devel-32bitlibxslt1-32bitgo-racego1.11-racego1.12-racejava-1_8_0-ibm-32bitjava-1_8_0-ibm-demojava-1_8_0-ibm-devel-32bitjava-1_8_0-ibm-srclibgnutls-devel-32bitlibpython3_6m1_0-32bitpython3-32bitpython3-base-32bitlibcurl-devel-32bitlibudev-devel-32bitnss-myhostname-32bitnss-mymachines-32bitlibtasn1-devel-32bitlibtag1-32bitlibtag_c0-32bitlibpng16-compat-devel-32bitlibpng16-devel-32bitMozillaFirefox-buildsymbolslibasm1-32bitlibelf-devel-32bitImageMagick-devel-32bitlibMagick++-7_Q16HDRI4-32bitlibMagick++-devel-32bitlibMagickCore-7_Q16HDRI6-32bitlibMagickWand-7_Q16HDRI6-32bitlibnetpbm11-32bitcluster-md-kmp-azuredlm-kmp-azuregfs2-kmp-azurekernel-azurekernel-azure-basekernel-azure-develkernel-azure-extrakernel-azure-livepatchkernel-devel-azurekernel-source-azurekernel-syms-azurekselftests-kmp-azureocfs2-kmp-azurereiserfs-kmp-azuredtb-aarch64dtb-aldtb-allwinnerdtb-alteradtb-amddtb-amlogicdtb-apmdtb-armdtb-broadcomdtb-caviumdtb-exynosdtb-freescaledtb-hisilicondtb-lgdtb-marvelldtb-mediatekdtb-nvidiadtb-qcomdtb-renesasdtb-rockchipdtb-socionextdtb-sprddtb-xilinxdtb-ztekernel-debugkernel-debug-basekernel-debug-develkernel-debug-livepatch-develkernel-kvmsmallkernel-kvmsmall-basekernel-kvmsmall-develkernel-kvmsmall-livepatch-develkernel-source-vanillakernel-vanilla-develkernel-vanilla-livepatch-develkernel-zfcpdump-manlibdcerpc-samr0-32bitlibsamba-policy-python-devellibsamba-policy0-32bitlibsamba-policy0-python3-32bitsamba-ad-dc-32bitsamba-cephsamba-libs-python-32bitsamba-libs-python3-32bitglib2-devel-32bitglib2-tools-32bitlibgio-fam-32bitlibgthread-2_0-0-32bitdbus-1-devel-32bitlibvirt-devel-32bitgvfs-32bitlibjavascriptcoregtk-4_0-18-32bitlibwebkit2gtk-4_0-37-32bitwebkit2gtk3-minibrowserlibqblibqb-devel-32bitlibqb20-32bitlibqb0libqb0-32bitlibexpat-devel-32bitmozilla-nss-sysinit-32bitglibc-devel-static-32bitglibc-locale-base-32bitglibc-profile-32bitglibc-utils-32bitmyspell-af_ZAmyspell-armyspell-bg_BGmyspell-bn_BDmyspell-br_FRmyspell-camyspell-cs_CZmyspell-da_DKmyspell-el_GRmyspell-et_EEmyspell-fr_FRmyspell-glmyspell-gu_INmyspell-he_ILmyspell-hi_INmyspell-hr_HRmyspell-idmyspell-id_IDmyspell-it_ITmyspell-lt_LTmyspell-lv_LVmyspell-nl_NLmyspell-pl_PLmyspell-pt_PTmyspell-si_LKmyspell-sk_SKmyspell-sl_SImyspell-srmyspell-sv_SEmyspell-te_INmyspell-th_THmyspell-trmyspell-tr_TRmyspell-uk_UAmyspell-zu_ZAlibIlmImf-2_2-23-32bitlibIlmImfUtil-2_2-23-32bitlibgcrypt-devel-32bitlibreoffice-gdb-pretty-printerslibreoffice-gladelibreoffice-gtk2libreoffice-l10n-amlibreoffice-l10n-astlibreoffice-l10n-belibreoffice-l10n-bn_INlibreoffice-l10n-bolibreoffice-l10n-brxlibreoffice-l10n-bslibreoffice-l10n-ca_valencialibreoffice-l10n-dgolibreoffice-l10n-en_GBlibreoffice-l10n-en_ZAlibreoffice-l10n-fylibreoffice-l10n-gdlibreoffice-l10n-guglibreoffice-l10n-hsblibreoffice-l10n-idlibreoffice-l10n-islibreoffice-l10n-kalibreoffice-l10n-kablibreoffice-l10n-kmlibreoffice-l10n-kmr_Latnlibreoffice-l10n-koklibreoffice-l10n-kslibreoffice-l10n-lblibreoffice-l10n-lolibreoffice-l10n-mklibreoffice-l10n-mnlibreoffice-l10n-mnilibreoffice-l10n-mylibreoffice-l10n-nelibreoffice-l10n-oclibreoffice-l10n-omlibreoffice-l10n-rwlibreoffice-l10n-sa_INlibreoffice-l10n-satlibreoffice-l10n-sdlibreoffice-l10n-sidlibreoffice-l10n-sqlibreoffice-l10n-sw_TZlibreoffice-l10n-tglibreoffice-l10n-ttlibreoffice-l10n-uglibreoffice-l10n-uzlibreoffice-l10n-veclibreoffice-l10n-vilibreoffice-sdklibreoffice-sdk-doclibreofficekit-devellibwps-0_4-4libwps-devellibecpg6-32bitlibpolkit0-32bitlibmariadb3-32bitceph-grafana-dashboardsceph-mgr-dashboardceph-mgr-diskprediction-cloudceph-mgr-diskprediction-localceph-mgr-rookceph-mgr-sshceph-testcephfs-shelllibpython2_7-1_0-32bitpython-32bitpython-base-32bitcontainerd-kubiccontainerd-kubic-ctrdocker-kubicdocker-kubic-bash-completiondocker-kubic-kubeadm-criconfigdocker-kubic-testdocker-kubic-zsh-completiondocker-libnetwork-kubicdocker-runc-kubicgolang-github-docker-libnetwork-kubiclibwavpack1-32bitqemu-armqemu-testsuitelibblkid-devel-32bitlibmount-devel-32bitlibuuid-devel-32bitpython3-libmountibus-gtk-32bitibus-gtk3-32bitlibibus-1_0-5-32bitcluster-md-kmp-rt_debugdlm-kmp-rt_debuggfs2-kmp-rt_debugkernel-rtkernel-rt-extrakernel-rt-livepatchkernel-rt-livepatch-develkernel-rt_debugkernel-rt_debug-basekernel-rt_debug-extrakernel-rt_debug-livepatchkernel-rt_debug-livepatch-develkselftests-kmp-rtkselftests-kmp-rt_debugocfs2-kmp-rt_debugreiserfs-kmp-rtreiserfs-kmp-rt_debuglibmodplug1-32bitlibopenmpt0-32bitlibopenmpt_modplug1-32bitlibSDL2-2_0-0-32bitlibSDL2-devel-32bitlibnghttp2_asio1-32bitu-boot-bananapim64u-boot-bananapim64-docu-boot-dragonboard410cu-boot-dragonboard410c-docu-boot-dragonboard820cu-boot-dragonboard820c-docu-boot-evb-rk3399u-boot-evb-rk3399-docu-boot-firefly-rk3399u-boot-firefly-rk3399-docu-boot-geekboxu-boot-geekbox-docu-boot-hikeyu-boot-hikey-docu-boot-khadas-vimu-boot-khadas-vim-docu-boot-khadas-vim2u-boot-khadas-vim2-docu-boot-ls1012afrdmqspiu-boot-ls1012afrdmqspi-docu-boot-mvebudb-88f3720u-boot-mvebudb-88f3720-docu-boot-mvebudbarmada8ku-boot-mvebudbarmada8k-docu-boot-mvebuespressobin-88f3720u-boot-mvebuespressobin-88f3720-docu-boot-mvebumcbin-88f8040u-boot-mvebumcbin-88f8040-docu-boot-nanopia64u-boot-nanopia64-docu-boot-odroid-c2u-boot-odroid-c2-docu-boot-orangepipc2u-boot-orangepipc2-docu-boot-p2371-2180u-boot-p2371-2180-docu-boot-p2771-0000-500u-boot-p2771-0000-500-docu-boot-pine64plusu-boot-pine64plus-docu-boot-pinebooku-boot-pinebook-docu-boot-pineh64u-boot-pineh64-docu-boot-poplaru-boot-poplar-docu-boot-rock960-rk3399u-boot-rock960-rk3399-docu-boot-rpi3-docu-boot-xilinxzynqmpgenericu-boot-xilinxzynqmpgeneric-docu-boot-xilinxzynqmpzcu102rev10u-boot-xilinxzynqmpzcu102rev10-docpython-numpy_1_16_1-gnu-hpcpython-numpy_1_14_0-gnu-hpckernel-livepatch-4_12_14-25_3-defaultkernel-livepatch-SLE15_Update_1kernel-livepatch-4_12_14-25_6-defaultkernel-livepatch-SLE15_Update_2kernel-livepatch-toolskernel-livepatch-4_12_14-23-defaultkernel-livepatch-SLE15_Update_0kernel-livepatch-4_12_14-25_16-defaultkernel-livepatch-SLE15_Update_4kernel-livepatch-4_12_14-25_13-defaultkernel-livepatch-SLE15_Update_3kernel-livepatch-4_12_14-25_19-defaultkernel-livepatch-SLE15_Update_5kernel-livepatch-4_12_14-25_22-defaultkernel-livepatch-SLE15_Update_6kernel-livepatch-4_12_14-25_25-defaultkernel-livepatch-SLE15_Update_7kernel-livepatch-4_12_14-150_17-defaultkernel-livepatch-SLE15_Update_10kernel-livepatch-4_12_14-150_22-defaultkernel-livepatch-SLE15_Update_11kernel-livepatch-4_12_14-25_28-defaultkernel-livepatch-SLE15_Update_8kernel-livepatch-4_12_14-150_14-defaultkernel-livepatch-SLE15_Update_9kernel-livepatch-4_12_14-150_27-defaultkernel-livepatch-SLE15_Update_12kernel-livepatch-4_12_14-150_32-defaultkernel-livepatch-SLE15_Update_13kernel-livepatch-4_12_14-150_35-defaultkernel-livepatch-SLE15_Update_14kernel-default-livepatch-develkernel-livepatch-4_12_14-197_4-defaultkernel-livepatch-SLE15-SP1_Update_1kernel-livepatch-4_12_14-195-defaultkernel-livepatch-SLE15-SP1_Update_0kernel-livepatch-4_12_14-197_7-defaultkernel-livepatch-SLE15-SP1_Update_2kernel-livepatch-4_12_14-197_10-defaultkernel-livepatch-SLE15-SP1_Update_3kernel-livepatch-4_12_14-197_18-defaultkernel-livepatch-SLE15-SP1_Update_5sle-module-packagehub-subpackages-releasesle-module-python2-releasesamba-ad-dcsamba-dsdb-modulessamba-libs-pythoncluster-md-kmp-rtdlm-kmp-rtgfs2-kmp-rtkernel-devel-rtkernel-rt-basekernel-rt-develkernel-rt_debug-develkernel-source-rtkernel-syms-rtocfs2-kmp-rtsle-module-rt-releasedpdk-thunderxdpdk-thunderx-develdpdk-thunderx-kmp-defaultqemu-uefi-aarch64spicegraphviz-tcllibmariadb-devellibmariadb_pluginsxmltoolingrmt-server-configdrbddrbd-kmp-defaultrubygem-sprocketsgraphviz-gdgraphviz-pythonlibqb-devellibqb-testslibqb-toolslibqb20libepubgen-0_1-1libepubgen-develliblangtag-develliblangtag1libnumbertextlibnumbertext-1_0-0libnumbertext-datalibxmlsec1-1libxmlsec1-nss1xmlsec1-develxmlsec1-nss-develevolution-develevolution-langevolution-plugin-bogofilterevolution-plugin-pst-importevolution-plugin-spamassassinlibixion-0_14-0liborcus-0_14-0liborcus-develkinitkinit-develkinit-langsles-releasechromedriverchromiumchromium-desktop-gnomechromium-desktop-kdechromium-ffmpegsumoirssiirssi-develsuse-sle12-cloud-compute-releaseopenstack-cinderopenstack-cinder-volumepython-cinderopenstack-neutronopenstack-neutron-dhcp-agentopenstack-neutron-ha-toolopenstack-neutron-l3-agentopenstack-neutron-lbaas-agentopenstack-neutron-linuxbridge-agentopenstack-neutron-metadata-agentopenstack-neutron-metering-agentopenstack-neutron-openvswitch-agentopenstack-neutron-vpn-agentpython-neutronpython-Beakerpython-keystoneclientpython-keystoneclient-docpython-pycryptopython-pymongoruby2.1-rubygem-chefrubygem-cheflibMagick++-6_Q16-3libMagickCore-6_Q16-1libMagickCore-6_Q16-1-32bitlibMagickWand-6_Q16-1sled-releaseMozillaFirefox-translationslibdns_sd-32bitlibreadline6libreadline6-32bitbind-libsbind-libs-32bitbogofilterlibcolord2-32bitcoolkeycpp48gcc48gcc48-32bitgcc48-c++gcc48-gijgcc48-gij-32bitgcc48-infolibasan0libasan0-32bitlibatomic1libatomic1-32bitlibffi4libffi4-32bitlibgcc_s1libgcc_s1-32bitlibgcj48libgcj48-32bitlibgcj48-jarlibgcj_bc1libgfortran3libgomp1libgomp1-32bitlibitm1libitm1-32bitlibquadmath0libstdc++48-devellibstdc++48-devel-32bitlibstdc++6libstdc++6-32bitlibtsan0cups-libscups-libs-32bitcups-filters-cups-browsedcups-filters-foomatic-ripcups-filters-ghostscriptecryptfs-utils-32bitlibebl1libebl1-32bitempathyempathy-langtelepathy-mission-control-plugin-goafacterfinchlibpurple-meanwhilelibpurple-tclflash-playerflash-player-gnomelibfreerdp-1_0libfreerdp-1_0-pluginsft2demosgd-32bitlibrsvg-2-2-32bitrsvg-viewlibgnutls28libgnutls28-32bitjava-1_7_0-openjdkjava-1_7_0-openjdk-headlessjava-1_7_0-openjdk-pluginkernel-xenkernel-xen-develkrb5-appl-clientslcmsliblcms1liblcms1-32bitlibIlmImf-Imf_2_1-21libIlmImf-Imf_2_1-21-32bitlibXRes1-32bitlibXv1-32bitlibcgroup1libgensec0libgensec0-32bitlibpdb0libpdb0-32bitlibregistry0libsmbclient-raw0libsmbclient-raw0-32bitlibsmbldap0libsmbldap0-32bitsamba-32bitpostgresql93libevent-2_0-5libexif12-32bitlibfbembed2_5libgssglue1libgssglue1-32bitlibgudev-1_0-0libgudev-1_0-0-32bitlibid3tag0python-sssd-configlibjavascriptcoregtk-1_0-0libjavascriptcoregtk-1_0-0-32bitlibjavascriptcoregtk-3_0-0libwebkit2gtk-3_0-25libwebkitgtk-1_0-0libwebkitgtk-1_0-0-32bitlibwebkitgtk-3_0-0libwebkitgtk2-langlibwebkitgtk3-langtypelib-1_0-JavaScriptCore-3_0typelib-1_0-WebKit-3_0libjson-c2libjson-c2-32bitlibltdl7-32bitliblua5_2lualiblzo2-2-32bitlibmikmod3libmikmod3-32bitlibmusicbrainz4libmysqlclient18libmysqlclient18-32bitlibmysqlclient_r18libmysqlclient_r18-32bitlibopenssl0_9_8libopenssl0_9_8-32bitlibopenssl1_0_0-32bitpango-modulespango-modules-32bitlibpcsclite1-32bitlibpng12-0-32bitlibpoppler-qt4-4libpoppler44libproxy1-32bitlibproxy1-config-gnome3-32bitlibproxy1-networkmanager-32bitlibpulse-mainloop-glib0-32bitlibpulse0-32bitpulseaudio-module-jacklibpython3_4m1_0libqt4libqt4-32bitlibqt4-qt3supportlibqt4-qt3support-32bitlibqt4-sqllibqt4-sql-32bitlibqt4-sql-mysqllibqt4-sql-mysql-32bitlibqt4-sql-postgresqllibqt4-sql-postgresql-32bitlibqt4-sql-sqlitelibqt4-sql-sqlite-32bitlibqt4-sql-unixODBClibqt4-sql-unixODBC-32bitlibqt4-x11libqt4-x11-32bitlibraw9libreoffice-icon-theme-tangolibreoffice-l10n-pt-BRlibreoffice-l10n-pt-PTlibreoffice-l10n-zh-Hanslibreoffice-l10n-zh-Hantlibrpcsecgss3libsilc-1_1-2libsilcclient-1_1-3silc-toolkitlibsndfile1-32bitlibsnmp30-32bitlibsoup-2_4-1-32bitlibspice-client-gtk-2_0-4libspice-client-gtk-3_0-4libvirt-client-32bitlibvorbis0-32bitlibvorbisenc2-32bitlibvorbisfile3-32bitlibvte9libxcb-xkb1-32bitlibxerces-c-3_1-32bitlibzip2libzmq3mipv6dperl-32bitpidgin-otrpuppetpython-cupshelperssystem-config-printerpython-imagingpython-libxml2python-pyOpenSSLpython-pywbemrhythmboxrhythmbox-langrubytelepathy-gabbletelepathy-idleunixODBC-32bitwdiffxen-kmp-defaultxen-libs-32bitxinetdxlockmoreDirectFBlib++dfb-1_7-1libdirectfb-1_7-1libdirectfb-1_7-1-32bitbusyboxgstreamer-0_10-plugins-badgstreamer-0_10-plugins-bad-langlibgstbasecamerabinsrc-0_10-23libgstbasecamerabinsrc-0_10-23-32bitlibgstbasevideo-0_10-23libgstbasevideo-0_10-23-32bitlibgstcodecparsers-0_10-23libgstphotography-0_10-23libgstphotography-0_10-23-32bitlibgstsignalprocessor-0_10-23libgstsignalprocessor-0_10-23-32bitlibgstvdp-0_10-23libgstvdp-0_10-23-32biticulibicu52_1libicu52_1-32bitlibicu52_1-datajava-1_8_0-openjdk-pluginlibFLAC8-32bitpostgresql94libsss_sudolibjasper1libjasper1-32bitlibjpeg62-32bitlibmpfr4libpng15-15libruby2_1-2_1ruby2.1ruby2.1-stdliblibssh2-1-32bitlibvdpau1-32bitpigzatlibQtWebKit4libQtWebKit4-32bitlibbonobolibbonobo-32bitlibbonobo-langlibkde4libkde4-32bitlibkdecore4libkdecore4-32bitlibksuseinstall1libksuseinstall1-32bitdosfstoolsevince-browser-pluginfontconfigfontconfig-32bitlibgoa-1_0-0-32bitlhasaliblhasa0libFLAC++6-32bitlibQt5WebKit5libQt5WebKit5-importslibQt5WebKitWidgets5libasan2libasan2-32bitlibmpx0libmpx0-32bitlibmpxwrappers0libmpxwrappers0-32bitlibdcerpc-atsvc0libgif6libgif6-32bitlibhogweed2libhogweed2-32bitlibnettle4libnettle4-32bitlibpoppler60libproxy1-pacrunner-webkitlibreoffice-icon-theme-galaxyxfsprogslibapparmor1libapparmor1-32bitlibaudiofile1-32bitdrm-kmp-defaultgegl-0_2gegl-0_2-langlibgegl-0_2-0libgstreamer-1_0-0-32bitgstreamer-0_10-plugins-basegstreamer-0_10-plugins-base-32bitgstreamer-0_10-plugins-base-langlibgstapp-0_10-0libgstapp-0_10-0-32bitlibgstinterfaces-0_10-0libgstinterfaces-0_10-0-32bitgstreamer-0_10-plugins-goodgstreamer-0_10-plugins-good-langgstreamer-plugins-basegstreamer-plugins-base-langlibgstallocators-1_0-0libgstapp-1_0-0libgstapp-1_0-0-32bitlibgstaudio-1_0-0libgstaudio-1_0-0-32bitlibgstfft-1_0-0libgstfft-1_0-0-32bitlibgstpbutils-1_0-0libgstpbutils-1_0-0-32bitlibgstriff-1_0-0libgstrtp-1_0-0libgstrtsp-1_0-0libgstsdp-1_0-0libgsttag-1_0-0libgsttag-1_0-0-32bitlibgstvideo-1_0-0libgstvideo-1_0-0-32bittypelib-1_0-GstAudio-1_0typelib-1_0-GstPbutils-1_0typelib-1_0-GstTag-1_0typelib-1_0-GstVideo-1_0libXpm4libXpm4-32bitlibass5libcairo-gobject2-32bitlibcares2-32bitpostgresql96libosip2libtirpc-netconfiglibtirpc3libtirpc3-32bitlibwireshark8libwiretap6libwsutil7wireshark-gtkrrdtool-cachedsane-backends-32bitunrarSuSEfirewall2libisc166-32bitpython-bindpython-cephfspython-radospython-rbdpython-rgwgnome-shell-search-provider-nautiluslibnautilus-extension1libnautilus-extension1-32bitnautilusnautilus-langgwenhywfar-langgwenhywfar-toolslibgwengui-gtk2-0libgwenhywfar60libgwenhywfar60-pluginsliblcms2-2-32bitlibSoundTouch0-32bitlibXdmcp6-32bitlibcdio14libcdio14-32bitlibiso9660-8libical1libical1-32bitliblouis9mariadb-100-errormessageslibofxlibofx6libpodofo0_9_2libprocps3procpslibqpdf18libvpx1libvpx1-32bitvpx-toolslibyaml-cpp0_5shotwellshotwell-langcluster-network-kmp-defaultlighttpdpython-PyYAMLruby2.1-rubygem-bundlerlibcorosync4sle-module-adv-systems-management-releasepuppet-serverlibslurm29slurm-sched-wikicups154cups154-clientcups154-filterscups154-libsjava-1_6_0-ibmjava-1_6_0-ibm-fontsjava-1_6_0-ibm-jdbcjava-1_6_0-ibm-pluginsyslog-ngcpp5gcc5gcc5-c++gcc5-fortrangcc5-infogcc5-localelibffi-devel-gcc5libstdc++6-devel-gcc5sle-module-toolchain-releaseapache2-mod_php5php5php5-bcmathphp5-bz2php5-calendarphp5-ctypephp5-curlphp5-dbaphp5-domphp5-enchantphp5-exifphp5-fastcgiphp5-fileinfophp5-fpmphp5-ftpphp5-gdphp5-gettextphp5-gmpphp5-iconvphp5-intlphp5-jsonphp5-ldapphp5-mbstringphp5-mcryptphp5-mysqlphp5-odbcphp5-opensslphp5-pcntlphp5-pdophp5-pearphp5-pgsqlphp5-pspellphp5-shmopphp5-snmpphp5-soapphp5-socketsphp5-sqlitephp5-suhosinphp5-sysvmsgphp5-sysvsemphp5-sysvshmphp5-tokenizerphp5-wddxphp5-xmlreaderphp5-xmlrpcphp5-xmlwriterphp5-xslphp5-zipphp5-zlibphp7-imapphp7-mcryptphp7-pspellnodejs4nodejs4-develnodejs4-docsnpm4nodejs6nodejs6-develnodejs6-docsnpm6alsa-docsapache-commons-daemon-javadocapache2-mod_perlgcc48-localecvs-doccyrus-sasl-otp-32bitcyrus-sasl-sqlauxprop-32bitdovecot22dovecot22-backend-mysqldovecot22-backend-pgsqldovecot22-backend-sqlitelibgnutls-openssl27java-1_7_0-openjdk-demojava-1_7_0-openjdk-develkernel-xen-basekrb5-dockrb5-appl-serverslibcgroup-toolspostgresql93-contribpostgresql93-docspostgresql93-serverliblua5_2-32bitlibneon27-32bitlibopenssl1_0_0-hmac-32bitopenssl-docqt4-x11-toolslibvorbis-docpython-vtevte2-langlibxml2-doclogwatchmailmanopenvswitch-kmp-defaultopenvswitch-kmp-xenopenvswitch-switchopieperl-Cyrus-IMAPperl-Cyrus-SIEVE-managesieveppc64-diagrsyslog-diag-toolsrsyslog-docsquidGuardsquidGuard-doctomcat-el-2_2-apitomcat-jsp-2_2-apitomcat-servlet-3_0-apixen-doc-htmlpython-libguestfsjava-1_7_1-ibmjava-1_7_1-ibm-alsajava-1_7_1-ibm-jdbcjava-1_7_1-ibm-pluginpostgresql94-contribpostgresql94-docspostgresql94-serverlibhivex0perl-Win-Hivexlibicu-doclibmpfr4-32bitsmtsmt-supporttomcat-servlet-3_1-apiflexflex-32bitlibbonobo-docgiflib-progsgrub2-arm64-efivirt-p2vlibidn-toolslibtcnative-1-0openvswitch-dpdkopenvswitch-dpdk-switchres-signingkeysjakarta-taglibs-standard-javadocpostgresql96-contribpostgresql96-docspostgresql96-serverlibmicrohttpd10policycoreutils-pythonlibdpdk-17_11python-louislibsaml8opensaml-binlibshibsp-lite6libshibsp6libxmltooling6sle-sdk-releasecoolkey-develctdb-develdovecot22-develfinch-develfirebird-devellibfbembed-develfuse-devel-staticgcc48-adagcc48-fortrangcc48-javagcc48-obj-c++gcc48-objcgcc48-objc-32bitlibada48libffi48-devellibgcj48-devellibgfortran3-32bitlibobjc4libobjc4-32bitlibquadmath0-32biticecreamid3liblib3ds-1-3libapr-util1-devellibapr1-devellibcgroup-develtypelib-1_0-ColorHug-1_0libdcerpc-atsvc-devellibgensec-devellibpdb-devellibregistry-devellibsmbclient-raw-devellibsmbsharemodes-devellibsmbsharemodes0samba-test-devellibgnutls-openssl-devellibgssglue-devellibgudev-1_0-develtypelib-1_0-GUdev-1_0libid3tag-devellibwebkitgtk-devellibwebkitgtk3-develtypelib-1_0-JavaScriptCore-1_0typelib-1_0-WebKit-1_0liblcms-devellibmikmod-devellibmusicbrainz-devellibmysqlclient-devellibmysqld18pcp-import-sheet2pcplibpng12-compat-devellibpoppler-qt4-devellibqt4-devellibqt4-devel-doclibqt4-devel-doc-datalibqt4-linguistlibqt4-private-headers-devellibrpcsecgss-develsilc-toolkit-devellibssh-devel-doclibsvn_auth_kwallet-1-0libxcb-xevie0libxcb-xprint0lua-develnewt-staticnut-cgiphp5-develpostgresql93-develrhythmbox-develruby-develtypelib-1_0-SpiceClientGtk-2_0vte2-develxalan-j2-demoxalan-j2-manualxfigyast2-devel-docDirectFB-devellib++dfb-develgstreamer-0_10-plugins-bad-develhivex-develjava-1_7_1-ibm-devellibqt5-qtbase-doclibicu-devellibtidy-0_99-0libtidy-0_99-0-develpostgresql94-develruby2.1-devellibQtWebKit-devellibbonobo-develmdbtoolssgmltoolfontconfig-devellhasa-devellibQt5WebKit-private-headers-devellibQt5WebKit5-devellibQt5WebKitWidgets-devellibQt5WebKitWidgets-private-headers-develpyldbpyldb-devellibtcnative-1-0-devellibwmf-toolsmysql-connector-javaxfsprogs-develapache2-mod_perl-develgstreamer-0_10-plugins-base-develtypelib-1_0-GstApp-0_10typelib-1_0-GstInterfaces-0_10gstreamer-plugins-base-develtypelib-1_0-GstAllocators-1_0typelib-1_0-GstApp-1_0typelib-1_0-GstFft-1_0typelib-1_0-GstRtp-1_0typelib-1_0-GstRtsp-1_0typelib-1_0-GstSdp-1_0libXpm-devellibXpm-toolslibapparmor-devellibbotan-1_10-0libbotan-devellibcares-devellibgit2-24libopus-devel-staticlibosip2-develpcre-devel-staticlibtirpc-devellibunrar-devellibunrar5_0_14postgresql96-develyodlbuild-initvm-x86_64gwenhywfar-devellibgwengui-qt4-0libical-devel-staticlibofx-devellibpodofo-develnautilus-develtypelib-1_0-Nautilus-3_0obs-service-source_validatorprocps-develruby2.1-rubygem-yardslf4jsle-bsk-releaselibwmfflutelibbaselibfontslibformulaliblayoutlibloaderlibrepositorylibrevengelibrevenge-devellibrevenge-generators-0_0-0libserializermddsmdds-develpentaho-libxmlpentaho-reporting-flow-enginesacperl-Capture-Tinygcc5-golibgo7popplerkdelibs4kdelibs4-branding-upstreamkdelibs4-corekdelibs4-doclibkde4-devellibkdecore4-devellibmdbodbc1mdbtools-develvirtuosovirtuoso-driversvirtuoso-serverlynxfirebirdlibfbclient2libfbclient2-develpodofocompat-openssl098freetype2postgresql93-libslibziplibksbawebkitgtkwebkitgtk3libXfontfltklibfltk1libqt4-sql-pluginsevolution-data-serverevolution-data-server-langlibcamel-1_2-45libcamel-1_2-45-32bitlibebackend-1_2-7libebackend-1_2-7-32bitlibebook-1_2-14libebook-1_2-14-32bitlibebook-contacts-1_2-0libebook-contacts-1_2-0-32bitlibecal-1_2-16libecal-1_2-16-32bitlibedata-book-1_2-20libedata-book-1_2-20-32bitlibedata-cal-1_2-23libedata-cal-1_2-23-32bitlibedataserver-1_2-18libedataserver-1_2-18-32bitlibyamlrpm-pythonmpfrlibvdpauapache-commons-loggingcmis-clientgraphite2hyphenlibabwlibabw-0_1-1libcdrlibcdr-0_1-1libcmis-0_5-5libe-booklibe-book-0_1-1libetonyeklibetonyek-0_1-1libfreehandlibfreehand-0_1-1libgltflibgltf-0_0-0libhyphen0libixion-0_10-0libmspublibmspub-0_1-1libodfgenlibodfgen-0_1-1liborcus-0_8-0libpagemakerlibpagemaker-0_0-0libreoffice-share-linkerlibreoffice-voikkolibrevenge-0_0-0librevenge-stream-0_0-0libvisiolibvisio-0_1-1libvoikkolibvoikko1malaga-suomilibpng12gdk-pixbufpytallocpytalloc-32bitboostboost-license1_54_0hunspellhunspell-32bithunspell-toolslibOpenCOLLADA0libboost_atomic1_54_0libboost_date_time1_54_0libboost_filesystem1_54_0libboost_iostreams1_54_0libboost_program_options1_54_0libboost_regex1_54_0libboost_signals1_54_0libboost_system1_54_0libboost_thread1_54_0libixion-0_11-0liborcus-0_11-0openCOLLADAgiflibpostgresql94-libslibotrlibcilkrts5libcilkrts5-32bitlibffi-gcc5liblsan0libstdc++6-localelibubsan0libubsan0-32bitpython-backports.ssl_match_hostnamepython-tornadoyast2-ntp-clientpoppler-qtimaplibc-client2007e_suselibimobiledevicelibimobiledevice-toolslibimobiledevice4libusbmuxd2usbmuxdlibidnlibstoragelibstorage-rubylibstorage6libXfixeslibXilibXrandrlibXrenderlibXtstlibXvlibXvMCgtk2pcregclibasslibgmelibgstegl-1_0-0libpng15opuslibXpmzlibgegllibpcaplibpcap1libpcap1-32bitapparmorfirebird-classiclibtirpclibtirpc1libtirpc1-32bitlibplistlibplist++1libplist1libixion-0_12-0liborcus-0_12-0libzmflibzmf-0_0-0libICElibXdmcplibicallibrsvgpostgresql96-libsxerces-j2libcephfs1libXcursorvirglrendererlibQtQuick5libqt5-qtdeclarativelibvpxlibexiflibeventdb48-utilslibdb-4_8libdb-4_8-32bityaml-cpplibid3taggwenhywfarlibqca2libqca2-32bitqt4-qtscriptlibcgroupNetworkManager-vpncNetworkManager-vpnc-gnomeNetworkManager-vpnc-langpostgresql10-libslibxcblibntfs-3g84libexiv2-12python-setuptoolspython3-setuptoolslibatalk12netatalkdrmpython-talloc-32bitvirt-installvirt-managervirt-manager-commongnome-documentsgnome-documents-langgnome-documents_books-commongnome-shell-search-provider-documentslibboost_locale1_54_0libboost_random1_54_0libixion-0_13-0liborcus-0_13-0libqxplibqxp-0_0-0libmodplugImageMagick-config-6-SUSEImageMagick-config-6-upstreamatftpauditaudit-secondarydoxygenlibavahi-glib1-32bitlibwsman1adclimariadb-100libnetfilter_cthelperlibnetfilter_cthelper0libnetfilter_cttimeoutlibnetfilter_cttimeout1cluster-fscluster-networkcluster-network-kmp-xendlm-kmp-xendrbd-kmp-xengfs2-kmp-xenocfs2-kmp-xenhawk2hawkhawk-templatesldirectordmonitoring-plugins-metadataresource-agentslibdlmlibdlm3kgraft-patch-3_12_38-44-defaultkgraft-patch-3_12_38-44-xenkgraft-patch-SLE12_Update_3sle-live-patching-releasekgraft-patch-3_12_39-47-defaultkgraft-patch-3_12_39-47-xenkgraft-patch-SLE12_Update_4kgraft-patch-3_12_32-33-defaultkgraft-patch-3_12_32-33-xenkgraft-patch-3_12_36-38-defaultkgraft-patch-3_12_36-38-xenkgraft-patch-SLE12_Update_1kgraft-patch-SLE12_Update_2kgraft-patch-3_12_43-52_6-defaultkgraft-patch-3_12_43-52_6-xenkgraft-patch-SLE12_Update_5kgraft-patch-3_12_44-52_10-defaultkgraft-patch-3_12_44-52_10-xenkgraft-patch-SLE12_Update_6kgraft-patch-3_12_44-52_18-defaultkgraft-patch-3_12_44-52_18-xenkgraft-patch-SLE12_Update_7kgraft-patch-3_12_48-52_27-defaultkgraft-patch-3_12_48-52_27-xenkgraft-patch-SLE12_Update_8kgraft-patch-3_12_51-52_31-defaultkgraft-patch-3_12_51-52_31-xenkgraft-patch-SLE12_Update_9kgraft-patch-3_12_51-60_20-defaultkgraft-patch-3_12_51-60_20-xenkgraft-patch-SLE12-SP1_Update_1kgraft-patch-3_12_60-52_49-defaultkgraft-patch-3_12_60-52_49-xenkgraft-patch-SLE12_Update_14kgraft-patch-3_12_59-60_41-defaultkgraft-patch-3_12_59-60_41-xenkgraft-patch-SLE12-SP1_Update_5kgraft-patch-3_12_59-60_45-defaultkgraft-patch-3_12_59-60_45-xenkgraft-patch-SLE12-SP1_Update_6kgraft-patch-3_12_60-52_54-defaultkgraft-patch-3_12_60-52_54-xenkgraft-patch-SLE12_Update_15kgraft-patch-3_12_51-52_34-defaultkgraft-patch-3_12_51-52_34-xenkgraft-patch-SLE12_Update_10kgraft-patch-3_12_49-11-defaultkgraft-patch-3_12_49-11-xenkgraft-patch-SLE12-SP1_Update_0kgraft-patch-3_12_57-60_35-defaultkgraft-patch-3_12_57-60_35-xenkgraft-patch-SLE12-SP1_Update_4kgraft-patch-3_12_53-60_30-defaultkgraft-patch-3_12_53-60_30-xenkgraft-patch-SLE12-SP1_Update_3kgraft-patch-3_12_51-60_25-defaultkgraft-patch-3_12_51-60_25-xenkgraft-patch-SLE12-SP1_Update_2kgraft-patch-3_12_62-60_62-defaultkgraft-patch-3_12_62-60_62-xenkgraft-patch-SLE12-SP1_Update_7kgraft-patch-3_12_51-52_39-defaultkgraft-patch-3_12_51-52_39-xenkgraft-patch-SLE12_Update_11kgraft-patch-3_12_62-60_64_8-defaultkgraft-patch-3_12_62-60_64_8-xenkgraft-patch-SLE12-SP1_Update_8kgraft-patch-3_12_67-60_64_18-defaultkgraft-patch-3_12_67-60_64_18-xenkgraft-patch-SLE12-SP1_Update_9kgraft-patch-3_12_67-60_64_21-defaultkgraft-patch-3_12_67-60_64_21-xenkgraft-patch-SLE12-SP1_Update_10kgraft-patch-4_4_21-84-defaultkgraft-patch-SLE12-SP2_Update_2kgraft-patch-4_4_21-90-defaultkgraft-patch-SLE12-SP2_Update_3kgraft-patch-4_4_21-69-defaultkgraft-patch-SLE12-SP2_Update_0kgraft-patch-3_12_67-60_64_24-defaultkgraft-patch-3_12_67-60_64_24-xenkgraft-patch-SLE12-SP1_Update_11kgraft-patch-4_4_21-81-defaultkgraft-patch-SLE12-SP2_Update_1kgraft-patch-3_12_55-52_42-defaultkgraft-patch-3_12_55-52_42-xenkgraft-patch-SLE12_Update_12kgraft-patch-3_12_55-52_45-defaultkgraft-patch-3_12_55-52_45-xenkgraft-patch-SLE12_Update_13kgraft-patch-4_4_59-92_24-defaultkgraft-patch-SLE12-SP2_Update_9kgraft-patch-4_4_74-92_29-defaultkgraft-patch-SLE12-SP2_Update_10kgraft-patch-4_4_59-92_17-defaultkgraft-patch-SLE12-SP2_Update_7kgraft-patch-4_4_59-92_20-defaultkgraft-patch-SLE12-SP2_Update_8kgraft-patch-4_4_49-92_11-defaultkgraft-patch-SLE12-SP2_Update_5kgraft-patch-4_4_49-92_14-defaultkgraft-patch-SLE12-SP2_Update_6kgraft-patch-4_4_38-93-defaultkgraft-patch-SLE12-SP2_Update_4kgraft-patch-4_4_74-92_32-defaultkgraft-patch-SLE12-SP2_Update_11kgraft-patch-4_4_74-92_35-defaultkgraft-patch-SLE12-SP2_Update_12kgraft-patch-4_4_74-92_38-defaultkgraft-patch-SLE12-SP2_Update_13kgraft-patch-4_4_90-92_45-defaultkgraft-patch-SLE12-SP2_Update_14kgraft-patch-4_4_90-92_50-defaultkgraft-patch-SLE12-SP2_Update_15kgraft-patch-4_4_103-92_53-defaultkgraft-patch-SLE12-SP2_Update_16kgraft-patch-3_12_69-60_64_29-defaultkgraft-patch-3_12_69-60_64_29-xenkgraft-patch-SLE12-SP1_Update_12kgraft-patch-3_12_69-60_64_32-defaultkgraft-patch-3_12_69-60_64_32-xenkgraft-patch-SLE12-SP1_Update_13kgraft-patch-3_12_69-60_64_35-defaultkgraft-patch-3_12_69-60_64_35-xenkgraft-patch-SLE12-SP1_Update_14kgraft-patch-3_12_74-60_64_40-defaultkgraft-patch-3_12_74-60_64_40-xenkgraft-patch-SLE12-SP1_Update_15kgraft-patch-4_4_103-92_56-defaultkgraft-patch-SLE12-SP2_Update_17kgraftkgraft-develkgraft-patch-4_4_114-92_64-defaultkgraft-patch-SLE12-SP2_Update_18kgraft-patch-4_4_120-92_70-defaultkgraft-patch-SLE12-SP2_Update_20kgraft-patch-4_4_73-5-defaultkgraft-patch-SLE12-SP3_Update_0kgraft-patch-4_4_82-6_3-defaultkgraft-patch-SLE12-SP3_Update_1kgraft-patch-4_4_82-6_6-defaultkgraft-patch-SLE12-SP3_Update_2kgraft-patch-4_4_92-6_18-defaultkgraft-patch-SLE12-SP3_Update_4kgraft-patch-4_4_82-6_9-defaultkgraft-patch-SLE12-SP3_Update_3kgraft-patch-4_4_92-6_30-defaultkgraft-patch-SLE12-SP3_Update_5kgraft-patch-4_4_103-6_33-defaultkgraft-patch-SLE12-SP3_Update_6kgraft-patch-4_4_103-6_38-defaultkgraft-patch-SLE12-SP3_Update_7kgraft-patch-4_4_114-94_14-defaultkgraft-patch-SLE12-SP3_Update_9kgraft-patch-4_4_114-94_11-defaultkgraft-patch-SLE12-SP3_Update_8kgraft-patch-4_4_120-94_17-defaultkgraft-patch-SLE12-SP3_Update_10kgraft-patch-4_4_138-94_39-defaultkgraft-patch-SLE12-SP3_Update_14kgraft-patch-4_4_140-94_42-defaultkgraft-patch-SLE12-SP3_Update_15kgraft-patch-4_4_132-94_33-defaultkgraft-patch-SLE12-SP3_Update_13kgraft-patch-4_4_126-94_22-defaultkgraft-patch-SLE12-SP3_Update_11kgraft-patch-4_4_131-94_29-defaultkgraft-patch-SLE12-SP3_Update_12kgraft-patch-4_4_143-94_47-defaultkgraft-patch-SLE12-SP3_Update_16kgraft-patch-4_4_155-94_50-defaultkgraft-patch-SLE12-SP3_Update_17kgraft-patch-4_4_156-94_57-defaultkgraft-patch-SLE12-SP3_Update_18kgraft-patch-4_4_156-94_61-defaultkgraft-patch-SLE12-SP3_Update_19kgraft-patch-4_4_162-94_69-defaultkgraft-patch-SLE12-SP3_Update_21kgraft-patch-4_4_156-94_64-defaultkgraft-patch-SLE12-SP3_Update_20kgraft-patch-4_4_178-94_91-defaultkgraft-patch-SLE12-SP3_Update_25kgraft-patch-4_4_180-94_97-defaultkgraft-patch-SLE12-SP3_Update_26kgraft-patch-4_4_176-94_88-defaultkgraft-patch-SLE12-SP3_Update_24kgraft-patch-4_4_162-94_72-defaultkgraft-patch-SLE12-SP3_Update_22kgraft-patch-4_4_175-94_79-defaultkgraft-patch-SLE12-SP3_Update_23kgraft-patch-4_12_14-95_3-defaultkgraft-patch-SLE12-SP4_Update_1kgraft-patch-4_12_14-95_16-defaultkgraft-patch-SLE12-SP4_Update_4kgraft-patch-4_12_14-95_19-defaultkgraft-patch-SLE12-SP4_Update_5kgraft-patch-4_12_14-94_41-defaultkgraft-patch-SLE12-SP4_Update_0kgraft-patch-4_12_14-95_13-defaultkgraft-patch-SLE12-SP4_Update_3kgraft-patch-4_12_14-95_6-defaultkgraft-patch-SLE12-SP4_Update_2kgraft-patch-4_12_14-95_24-defaultkgraft-patch-SLE12-SP4_Update_6kgraft-patch-4_12_14-95_29-defaultkgraft-patch-SLE12-SP4_Update_7kgraft-patch-4_12_14-95_32-defaultkgraft-patch-SLE12-SP4_Update_8ruby2.1-rubygem-puppetrubygem-puppetruby2.1-rubygem-passengerrubygem-passengerrubygem-passenger-apache2ruby2.1-rubygem-rack-1_4rubygem-rack-1_4sles12-docker-imagesles12sp1-docker-imageruby2.1-rubygem-docker-apiruby2.1-rubygem-exconrubygem-docker-apirubygem-exconsles11sp4-docker-imageportussles12sp2-docker-imagedocker-distributiondocker-distribution-registrysuse-sles12sp3-imagelibslurm31pdshslurm-slurmdb-directslurmlibspython-numpy_1_13_3-gnu-hpcpython-numpy_1_13_3-gnu-hpc-develpython3-numpy_1_13_3-gnu-hpcpython3-numpy_1_13_3-gnu-hpc-develcompat-libldap-2_3-0compat-libgcrypt11kernel-ec2kernel-ec2-develkernel-ec2-extrapython-rsapython-tablibpython-PyJWTpython-dulwichperl-File-Touchsmt-hagcc5-32bitgcc5-adagcc5-ada-32bitgcc5-c++-32bitgcc5-fortran-32bitlibada5libada5-32bitlibffi-devel-gcc5-32bitlibstdc++6-devel-gcc5-32bitphp5-opcachephp5-posixphp5-imapphp5-pharnodejs-commonapache2-mod_php72php72php72-bcmathphp72-bz2php72-calendarphp72-ctypephp72-curlphp72-dbaphp72-domphp72-enchantphp72-exifphp72-fastcgiphp72-fileinfophp72-fpmphp72-ftpphp72-gdphp72-gettextphp72-gmpphp72-iconvphp72-imapphp72-intlphp72-jsonphp72-ldapphp72-mbstringphp72-mysqlphp72-odbcphp72-opcachephp72-opensslphp72-pcntlphp72-pdophp72-pearphp72-pear-Archive_Tarphp72-pgsqlphp72-pharphp72-posixphp72-pspellphp72-readlinephp72-shmopphp72-snmpphp72-soapphp72-socketsphp72-sqlitephp72-sysvmsgphp72-sysvsemphp72-sysvshmphp72-tidyphp72-tokenizerphp72-wddxphp72-xmlreaderphp72-xmlrpcphp72-xmlwriterphp72-xslphp72-zipphp72-zlibsle-pos-releasekgraft-patch-4_4_121-92_85-defaultkgraft-patch-SLE12-SP2_Update_23kgraft-patch-4_4_121-92_92-defaultkgraft-patch-SLE12-SP2_Update_24yast2-smtpostgresql-initkgraft-patch-4_4_121-92_95-defaultkgraft-patch-SLE12-SP2_Update_25kgraft-patch-4_4_121-92_73-defaultkgraft-patch-SLE12-SP2_Update_21kgraft-patch-4_4_121-92_80-defaultkgraft-patch-SLE12-SP2_Update_22hostinfokgraft-patch-4_4_121-92_109-defaultkgraft-patch-SLE12-SP2_Update_29kgraft-patch-4_4_121-92_114-defaultkgraft-patch-SLE12-SP2_Update_30kgraft-patch-4_4_121-92_117-defaultkgraft-patch-SLE12-SP2_Update_31kgraft-patch-4_4_121-92_120-defaultkgraft-patch-SLE12-SP2_Update_32kgraft-patch-4_4_121-92_101-defaultkgraft-patch-SLE12-SP2_Update_27kgraft-patch-4_4_121-92_104-defaultkgraft-patch-SLE12-SP2_Update_28tcmu-runnerxerces-j2-xml-apisxerces-j2-xml-resolveropensamldovecotlibmicrohttpdlibrelpkernel-computekernel-compute-basekernel-compute-develkernel-compute_debugkernel-compute_debug-develSUSE-Linux-Enterprise-RT-releasecluster-network-kmp-rtcrash-kmp-rtSLES_SAP-releaselibstorage5kgraft-patch-3_12_60-52_57-defaultkgraft-patch-3_12_60-52_57-xenkgraft-patch-SLE12_Update_16kgraft-patch-3_12_60-52_60-defaultkgraft-patch-3_12_60-52_60-xenkgraft-patch-SLE12_Update_17kgraft-patch-3_12_60-52_63-defaultkgraft-patch-3_12_60-52_63-xenkgraft-patch-SLE12_Update_18kgraft-patch-3_12_61-52_80-defaultkgraft-patch-3_12_61-52_80-xenkgraft-patch-SLE12_Update_23kgraft-patch-3_12_61-52_77-defaultkgraft-patch-3_12_61-52_77-xenkgraft-patch-SLE12_Update_22kgraft-patch-3_12_61-52_66-defaultkgraft-patch-3_12_61-52_66-xenkgraft-patch-SLE12_Update_19kgraft-patch-3_12_61-52_69-defaultkgraft-patch-3_12_61-52_69-xenkgraft-patch-SLE12_Update_20kgraft-patch-3_12_61-52_72-defaultkgraft-patch-3_12_61-52_72-xenkgraft-patch-SLE12_Update_21kgraft-patch-3_12_61-52_83-defaultkgraft-patch-3_12_61-52_83-xenkgraft-patch-SLE12_Update_24kgraft-patch-3_12_61-52_86-defaultkgraft-patch-3_12_61-52_86-xenkgraft-patch-SLE12_Update_25lighttpd-mod_cmllighttpd-mod_magnetlighttpd-mod_mysql_vhostlighttpd-mod_rrdtoollighttpd-mod_trigger_b4_dllighttpd-mod_webdavkgraft-patch-3_12_74-60_64_48-defaultkgraft-patch-3_12_74-60_64_48-xenkgraft-patch-SLE12-SP1_Update_17kgraft-patch-3_12_74-60_64_45-defaultkgraft-patch-3_12_74-60_64_45-xenkgraft-patch-SLE12-SP1_Update_16kgraft-patch-3_12_74-60_64_51-defaultkgraft-patch-3_12_74-60_64_51-xenkgraft-patch-SLE12-SP1_Update_18kgraft-patch-3_12_74-60_64_54-defaultkgraft-patch-3_12_74-60_64_54-xenkgraft-patch-SLE12-SP1_Update_19kgraft-patch-3_12_74-60_64_57-defaultkgraft-patch-3_12_74-60_64_57-xenkgraft-patch-SLE12-SP1_Update_20kgraft-patch-3_12_74-60_64_60-defaultkgraft-patch-3_12_74-60_64_60-xenkgraft-patch-SLE12-SP1_Update_21kgraft-patch-3_12_74-60_64_63-defaultkgraft-patch-3_12_74-60_64_63-xenkgraft-patch-SLE12-SP1_Update_22kgraft-patch-3_12_74-60_64_66-defaultkgraft-patch-3_12_74-60_64_66-xenkgraft-patch-SLE12-SP1_Update_23kgraft-patch-3_12_74-60_64_85-defaultkgraft-patch-3_12_74-60_64_85-xenkgraft-patch-SLE12-SP1_Update_26kgraft-patch-3_12_74-60_64_82-defaultkgraft-patch-3_12_74-60_64_82-xenkgraft-patch-SLE12-SP1_Update_25kgraft-patch-3_12_74-60_64_69-defaultkgraft-patch-3_12_74-60_64_69-xenkgraft-patch-SLE12-SP1_Update_24kgraft-patch-3_12_74-60_64_88-defaultkgraft-patch-3_12_74-60_64_88-xenkgraft-patch-SLE12-SP1_Update_27kgraft-patch-3_12_74-60_64_96-defaultkgraft-patch-3_12_74-60_64_96-xenkgraft-patch-SLE12-SP1_Update_29kgraft-patch-3_12_74-60_64_93-defaultkgraft-patch-3_12_74-60_64_93-xenkgraft-patch-SLE12-SP1_Update_28kgraft-patch-3_12_74-60_64_99-defaultkgraft-patch-3_12_74-60_64_99-xenkgraft-patch-SLE12-SP1_Update_30kgraft-patch-3_12_74-60_64_104-defaultkgraft-patch-3_12_74-60_64_104-xenkgraft-patch-SLE12-SP1_Update_31kgraft-patch-3_12_74-60_64_110-defaultkgraft-patch-3_12_74-60_64_110-xenkgraft-patch-SLE12-SP1_Update_33kgraft-patch-3_12_74-60_64_115-defaultkgraft-patch-3_12_74-60_64_115-xenkgraft-patch-SLE12-SP1_Update_34kgraft-patch-3_12_74-60_64_107-defaultkgraft-patch-3_12_74-60_64_107-xenkgraft-patch-SLE12-SP1_Update_32kgraft-patch-3_12_74-60_64_118-defaultkgraft-patch-3_12_74-60_64_118-xenkgraft-patch-SLE12-SP1_Update_35kgraft-patch-3_12_74-60_64_121-defaultkgraft-patch-3_12_74-60_64_121-xenkgraft-patch-SLE12-SP1_Update_36libosinfolibosinfo-1_0-0libosinfo-langtypelib-1_0-Libosinfo-1_0cryptctlkgraft-patch-4_4_114-92_67-defaultkgraft-patch-SLE12-SP2_Update_19kgraft-patch-4_4_121-92_98-defaultkgraft-patch-SLE12-SP2_Update_26kgraft-patch-4_4_180-94_100-defaultkgraft-patch-SLE12-SP3_Update_27kgraft-patch-4_4_180-94_103-defaultkgraft-patch-SLE12-SP3_Update_28fltk-develfltk-devel-staticevolution-data-server-develtypelib-1_0-EBook-1_2typelib-1_0-EBookContacts-1_2typelib-1_0-EDataServer-1_2libnetfilter_cthelper-devellibnetfilter_cttimeout-devellibffi48hyphen-devellibabw-devellibabw-devel-doclibcdr-devellibcdr-devel-doclibcmis-c-0_5-5libcmis-c-devellibcmis-devellibe-book-devellibe-book-devel-doclibetonyek-devellibetonyek-devel-doclibfreehand-devellibfreehand-devel-doclibmspub-devellibmspub-devel-doclibodfgen-devellibodfgen-devel-doclibvisio-devellibvisio-devel-doclibvoikko-develhivexpytalloc-develboost-develhunspell-develhunspell-devel-32bitlibboost_chrono1_54_0libboost_graph1_54_0libboost_graph_parallel1_54_0libboost_log1_54_0libboost_math1_54_0libboost_mpi1_54_0libboost_python1_54_0libboost_serialization1_54_0libboost_test1_54_0libboost_timer1_54_0libboost_wave1_54_0libhyphen0-32bityast2-ntp-client-devel-docimap-devellibstorage-develyast2-users-devel-doctypelib-1_0-GstRiff-1_0libpcap-develBotantcmu-runner-develxerces-j2-demoxerces-j2-scriptsbuild-initvm-s390libqt5-qtdeclarative-devellibqt5-qtdeclarative-private-headers-devellibqt5-qtdeclarative-toolslibdb-4_8-develrubygem-yardlibqca2-develkernel-docs-azureant-javadocnetatalk-devellibboost_context1_54_0libqxp-devellibqxp-doclibqxp-toolsphp72-develpython-numpy-developenwsman-pythonlibdlm-develfontforgeruby2.1-rubygem-sle2dockersle2dockerapache2-mod_auth_kerbapache-commons-collectionsapache-commons-collections-javadoccyrus-imapdkgraft-patch-3_12_61-52_89-defaultkgraft-patch-3_12_61-52_89-xenkgraft-patch-SLE12_Update_26kgraft-patch-3_12_61-52_92-defaultkgraft-patch-3_12_61-52_92-xenkgraft-patch-SLE12_Update_27kgraft-patch-3_12_61-52_101-defaultkgraft-patch-3_12_61-52_101-xenkgraft-patch-SLE12_Update_28kgraft-patch-3_12_61-52_106-defaultkgraft-patch-3_12_61-52_106-xenkgraft-patch-SLE12_Update_29kgraft-patch-3_12_61-52_119-defaultkgraft-patch-3_12_61-52_119-xenkgraft-patch-SLE12_Update_31kgraft-patch-3_12_61-52_111-defaultkgraft-patch-3_12_61-52_111-xenkgraft-patch-SLE12_Update_30kgraft-patch-3_12_61-52_125-defaultkgraft-patch-3_12_61-52_125-xenkgraft-patch-SLE12_Update_33kgraft-patch-3_12_61-52_122-defaultkgraft-patch-3_12_61-52_122-xenkgraft-patch-SLE12_Update_32kgraft-patch-3_12_61-52_128-defaultkgraft-patch-3_12_61-52_128-xenkgraft-patch-SLE12_Update_34kgraft-patch-3_12_61-52_136-defaultkgraft-patch-3_12_61-52_136-xenkgraft-patch-SLE12_Update_36kgraft-patch-3_12_61-52_133-defaultkgraft-patch-3_12_61-52_133-xenkgraft-patch-SLE12_Update_35kgraft-patch-3_12_61-52_141-defaultkgraft-patch-3_12_61-52_141-xenkgraft-patch-SLE12_Update_37kgraft-patch-3_12_61-52_146-defaultkgraft-patch-3_12_61-52_146-xenkgraft-patch-SLE12_Update_38kgraft-patch-3_12_61-52_149-defaultkgraft-patch-3_12_61-52_149-xenkgraft-patch-SLE12_Update_39kgraft-patch-3_12_61-52_154-defaultkgraft-patch-3_12_61-52_154-xenkgraft-patch-SLE12_Update_40libtcmu1oracleasmoracleasm-kmp-defaultaudit-audispd-pluginslibSDL-1_2-0-32bitpython36python36-basepython36-cursespython36-dbmpython36-develpython36-docpython36-idlepython36-testsuitepython36-tkpython36-toolspython2-auditpython3-auditdnsmasq-utilspython-glanceclientpython-keystonemiddlewarepython-novaclientpython-novaclient-docpython-swiftclientpython-swiftclient-docopenstack-ceilometeropenstack-ceilometer-agent-computeopenstack-novaopenstack-nova-computeopenstack-suseopenstack-suse-sudopython-ceilometerpython-novapython-python-memcachediperfiperf-devellibiperf0MozillaThunderbird-buildsymbolskde-cli-tools5kde-cli-tools5-langgo1.4go1.4-dockcoreaddonskcoreaddons-develkcoreaddons-devel-32bitkcoreaddons-langlibKF5CoreAddons5libKF5CoreAddons5-32bitffmpeg-devellibavcodec56libavcodec56-32bitlibavdevice56libavdevice56-32bitlibavfilter5libavfilter5-32bitlibavformat56libavformat56-32bitlibavresample2libavresample2-32bitlibavutil54libavutil54-32bitlibpostproc53libpostproc53-32bitlibswresample1libswresample1-32bitlibswscale3libswscale3-32bitimlib2imlib2-develimlib2-filtersimlib2-loaderslibImlib2-1libprotobuf-lite8libprotobuf8libprotoc8moshninjaprotobufprotobuf-develprotobuf-javapython-protobufzncznc-develznc-perlznc-python3znc-tclkarchivekarchive-develkarchive-devel-32bitlibKF5Archive5libKF5Archive5-32bitredisfreexlfreexl-devellibfreexl1openjpeglamelame-doclame-mp3rtplibtwolame-devellibtwolame0twolamelibopenjp2-7-32bitlibmbedtls9libmbedtls9-32bitmbedtlsmbedtls-develansiblemongodbmongodb-mongoperfmongodb-mongosmongodb-servermongodb-shelltorerlangerlang-debuggererlang-debugger-srcerlang-dialyzererlang-dialyzer-srcerlang-diametererlang-diameter-srcerlang-docerlang-epmderlang-eterlang-et-srcerlang-gserlang-gs-srcerlang-jinterfaceerlang-jinterface-srcerlang-observererlang-observer-srcerlang-reltoolerlang-reltool-srcerlang-srcerlang-wxerlang-wx-srcphpMyAdminkopetekopete-develkdelibs4-apidocskiokio-32bitkio-corekio-core-32bitkio-develkio-devel-32bitkio-langlibksuseinstall-develgeotiffgeotiff-devellibgeotiff2libavcodec57-32bitlibavdevice57-32bitlibavfilter6-32bitlibavformat57-32bitlibavresample3-32bitlibavutil55-32bitlibpostproc54-32bitlibswresample2-32bitlibswscale4-32bitkauthkauth-develkauth-devel-32bitlibKF5Auth5libKF5Auth5-32bitlibKF5Auth5-langffmpeg2ffmpeg2-develakonadi_resourcesakregator5blogilo5kaddressbook5kalarm5kdepimkmail5knotes5kontact5korganizer5ktnef5messagelibmessagelib-develarklibkerfuffle15libkerfuffle16libre2-0re2re2-devellibre2-0-32bitdrkonqi5plasma5-workspaceplasma5-workspace-develplasma5-workspace-langplasma5-workspace-libspdns-recursorpdnspdns-backend-godbcpdns-backend-ldappdns-backend-luapdns-backend-mydnspdns-backend-mysqlpdns-backend-postgresqlpdns-backend-remotepdns-backend-sqlite3libsox3soxsox-devellibmadlibmad0-32bitlibmp3lame0-32bitgo1.9go1.9-docgo1.9-racego1.8go1.8-docgo1.8-racepython-Djangohdf5hdf5-develhdf5-devel-datahdf5-devel-statichdf5-exampleshdf5-openmpihdf5-openmpi-develhdf5-openmpi-devel-staticlibhdf5-10libhdf5-10-openmpilibhdf5_cpp12libhdf5_fortran10libhdf5_fortran10-openmpilibhdf5_hl10libhdf5_hl10-openmpilibhdf5_hl_cpp11libhdf5hl_fortran10libhdf5hl_fortran10-openmpilibopencv-qt56_3libopencv3_1opencv-docopencv-qt5opencv-qt5-developencv-qt5-docpython-opencvpython-opencv-qt5python3-opencvpython3-opencv-qt5libsingularity1singularitysingularity-develkeepalivedpdns-backend-geoipznc-langhelmmumblemumble-32bitmumble-serverkconf_update5kconfigkconfig-develkconfig-devel-32bitkconfig-devel-64bitlibKF5ConfigCore5libKF5ConfigCore5-32bitlibKF5ConfigCore5-64bitlibKF5ConfigCore5-langlibKF5ConfigGui5libKF5ConfigGui5-32bitlibKF5ConfigGui5-64bitlibkde4-64bitlibkdecore4-64bitlibksuseinstall1-64bitextra-cmake-moduleskauth-devel-64bitkcoreaddons-devel-64bitlibKF5Auth5-64bitlibKF5CoreAddons5-64bitlibpolkit-qt5-1-1libpolkit-qt5-1-1-64bitlibpolkit-qt5-1-devellibpolkit-qt5-1-devel-64bitpolkit-qt5-1git-annexgit-annex-bash-completionnextcloudokularokular-develokular-langffmpeg-4ffmpeg-4-libavcodec-develffmpeg-4-libavdevice-develffmpeg-4-libavfilter-develffmpeg-4-libavformat-develffmpeg-4-libavresample-develffmpeg-4-libavutil-develffmpeg-4-libpostproc-develffmpeg-4-libswresample-develffmpeg-4-libswscale-develffmpeg-4-private-devellibavcodec58libavcodec58-32bitlibavdevice58libavdevice58-32bitlibavfilter7libavfilter7-32bitlibavformat58libavformat58-32bitlibavresample4libavresample4-32bitlibavutil56libavutil56-32bitlibpostproc55libpostproc55-32bitlibswresample3libswresample3-32bitlibswscale5libswscale5-32bitNetworkManager-glibNetworkManager-gnomeOpenEXROpenEXR-32bitOpenEXR-x86halhal-32bithal-dochal-x86libpackagekit-glib10PolicyKitPolicyKit-32bitPolicyKit-docPolicyKit-x86php5-dbasephp5-hashlibavahi-client3-x86libavahi-common3-x86libavahi-core5libdns_sd-x86bind-libs-x86boost-licenselibboost_program_options1_36_0libboost_regex1_36_0libboost_signals1_36_0libbz2-1-x86cifs-mountldapsmblibsmbclient0-x86libtalloc1libtalloc1-32bitlibtalloc1-x86libtdb1-x86libwbclient0-x86samba-client-x86samba-krb-printingsamba-winbind-x86samba-x86cups-libs-x86libcurl4-x86dbus-1-32bitdbus-1-x86libcom_err2-x86evince-docevolution-data-server-32bitevolution-data-server-x86libexpat1-x86file-32bitfile-x86findutilsfindutils-locatefreeradius-server-dialupadminfreetype2-32bitfreetype2-x86fvwm2ghostscript-fonts-otherghostscript-fonts-rusghostscript-fonts-stdghostscript-libraryghostscript-omnilibgimpprintglib2-doclibgio-2_0-0-x86libglib-2_0-0-x86libgmodule-2_0-0-x86libgobject-2_0-0-x86libgthread-2_0-0-x86gmimegmime-2_4gmime-doclibgmime-2_0-3libgmime-2_4-2gnome-screensavergnome-screensaver-langlibgnutls26libgnutls26-32bitlibgnutls26-x86gstreamer-0_10-plugins-base-docgstreamer-0_10-plugins-base-x86libgstapp-0_10-0-x86libgstinterfaces-0_10-0-x86gstreamer-0_10-plugins-good-docgtk2-32bitgtk2-docgtk2-x86vim-basejava-1_4_2-ibmjava-1_4_2-ibm-jdbcjava-1_4_2-ibm-pluginjava-1_6_0-ibm-alsakde4-kgreeter-pluginskdebase4-wallpaperskdebase4-workspacekdebase4-workspace-ksysguarddkdmkwinkdebase3-runtimekdebase3-runtime-32bitkdebase3-runtime-x86kdelibs3kdelibs3-32bitkdelibs3-default-stylekdelibs3-default-style-32bitkdelibs3-default-style-x86kdelibs3-x86libkde4-x86libkdecore4-x86kernel-paekernel-pae-basekernel-pae-develkernel-ppc64kernel-ppc64-basekernel-ppc64-develkernel-tracekernel-trace-basekernel-trace-develkrb5-apps-clientskrb5-apps-serverskrb5-x86kvmliblcms1-x86libMagickCore1libMagickCore1-32bitlibQtWebKit4-x86libqt4-qt3support-x86libqt4-sql-x86libqt4-x11-x86libqt4-x86libadns1libapr-util1-32bitlibapr1-32bitlibarchive2libdrmlibdrm-32bitlibdrm-x86libexif-32bitlibexif-x86libexiv2-4libgtoplibgtop-2_0-7libgtop-doclibgtop-langlibiculibicu-32bitlibicu-x86libltdl7-x86libtool-x86libmysqlclient15libmysqlclient15-32bitlibmysqlclient15-x86libmysqlclient_r15mysqlmysql-Maxmysql-clientlibneon27-x86neonlibnetpbm10libnetpbm10-32bitlibnetpbm10-x86libopensc2libopensc2-32bitlibopensc2-x86opensc-32bitopensc-x86libopenssl0_9_8-x86libpng12-0-x86libpoppler-glib4libpoppler-qt4-3libpoppler5libpulse-browse0libpulse0-x86libpython2_6-1_0libpython2_6-1_0-32bitlibpython2_6-1_0-x86python-base-x86pyxmllibrpcsecgsslibsampleratelibsamplerate-32bitlibsamplerate-x86libsndfile-32bitlibsndfile-x86libsnmp15libsnmp15-32bitlibsnmp15-x86libsoup-2_4-1-x86libtiff3libtiff3-32bitlibtiff3-x86libvirt-pythonlibvorbis-32bitlibvorbis-x86libxml2-32bitlibxml2-x86libxslt-32bitlibxslt-x86log4netmanmono-coremono-datamono-data-postgresqlmono-data-sqlitemono-locale-extrasmono-nunitmono-webmono-winformsmozilla-xulrunner190mozilla-xulrunner190-32bitmozilla-xulrunner190-gnomevfsmozilla-xulrunner190-translationsmozilla-xulrunner190-x86mozilla-xulrunner191mozilla-xulrunner191-32bitmozilla-xulrunner191-gnomevfsmozilla-xulrunner191-translationsmozilla-xulrunner191-x86nagiosnagios-wwwnagios-pluginsnagios-plugins-extrasopenssh-askpassopenswanopenswan-docpam-x86pam_krb5-x86pam_ldappam_ldap-32bitpam_ldap-x86pam_mountpam_mount-32bitpam_mount-x86perl-x86perl-spamassassinpostgresql-libspostgresql-libs-32bitpostgresql-libs-x86python-x86qt3qt3-32bitqt3-x86ruby-doc-htmlruby-tkstarsystemtap-clientxen-doc-pdfxen-kmp-paexorg-x11-xauthxpdf-toolsxtermacpidapache2-mod_php53php53php53-bcmathphp53-bz2php53-calendarphp53-ctypephp53-curlphp53-dbaphp53-domphp53-exifphp53-fastcgiphp53-fileinfophp53-ftpphp53-gdphp53-gettextphp53-gmpphp53-iconvphp53-intlphp53-jsonphp53-ldapphp53-mbstringphp53-mcryptphp53-mysqlphp53-odbcphp53-opensslphp53-pcntlphp53-pdophp53-pearphp53-pgsqlphp53-pspellphp53-shmopphp53-snmpphp53-soapphp53-suhosinphp53-sysvmsgphp53-sysvsemphp53-sysvshmphp53-tokenizerphp53-wddxphp53-xmlreaderphp53-xmlrpcphp53-xmlwriterphp53-xslphp53-zipphp53-zlibdbus-1-glib-x86dhcpcddhcpv6ecryptfs-utils-x86edfoomatic-filtersglibc-locale-x86glibc-profile-x86glibc-x86kdenetwork4-filesharingkgetkrdckrfblibtalloc2-x86libcap-progslibcap2libcap2-32bitlibcap2-x86libfreebl3-x86mozilla-nss-x86libgdiplus0mysql-toolspython-newtlibrsvg-32bitlibrsvg-x86libxcryptlibxcrypt-32bitlibxcrypt-x86pam-modules-x86pwdutilspwdutils-plugin-auditlibzip1lvm2mozilla-xulrunner192mozilla-xulrunner192-32bitmozilla-xulrunner192-gnomemozilla-xulrunner192-translationsmozilla-xulrunner192-x86ofedofed-docofed-kmp-defaultofed-kmp-paeofed-kmp-ppc64ofed-kmp-traceopenslp-x86opie-x86pango-32bitpango-docpango-x86pcsc-lite-32bitpcsc-lite-x86perl-libwww-perlpure-ftpdsquid3system-config-printer-langt1libtgttomcat6tomcat6-admin-webappstomcat6-docs-webapptomcat6-javadoctomcat6-jsp-2_1-apitomcat6-libtomcat6-servlet-2_5-apitomcat6-webappsvtevte-docvte-langxorg-x11-libs-32bitxorg-x11-libs-x86MesaMesa-32bitMesa-x86ant-traxkcalckcharselectkdesshkdfkfloppykgpgktimerkwalletmanagerkwikdiskoktetalibboost_thread1_36_0libldap-2_4-2-x86libgnutls-extra26ibutilsibutils-32bitjakarta-commons-httpclient3java-1_7_0-ibmjava-1_7_0-ibm-alsajava-1_7_0-ibm-jdbcjava-1_7_0-ibm-pluginjpeglibjpeglibjpeg-32bitlibjpeg-x86postgresql91postgresql91-contribpostgresql91-docspostgresql91-serverlibsoftokn3-x86libopenssl0_9_8-hmaclibopenssl0_9_8-hmac-32bitlibotr2libproxy0libproxy0-32bitlibproxy0-config-gnomelibproxy0-config-kde4libproxy0-networkmanagerlibproxy0-x86libtspi1libtspi1-32bitlibtspi1-x86trousersnut-classicnfs-clientopenCryptokiopenCryptoki-32bitopenCryptoki-64bitperl-Module-Buildperl-Test-Simplepython-pamtaglib-32bittaglib-x86unixODBC_23virt-utilsx3270xorg-x11-libxcbxorg-x11-libxcb-32bitxorg-x11-libxcb-x86xorg-x11-server-dmxxorg-x11-server-rdpa2psbash-x86libreadline5libreadline5-32bitlibreadline5-x86boost-license1_49_0libboost_system1_49_0libboost_thread1_49_0coreutils-x86libdw1-x86libebl1-x86libelf1-x86fastjarkdebase4-runtimekdirstatlibFLAC8-x86libblkid1-x86libuuid1-x86uuid-runtimelibevent-1_4-2libgcc_s1-x86libstdc++6-x86libgcrypt11libgcrypt11-32bitlibgcrypt11-x86libjasperlibjasper-32bitlibjasper-x86liblzo2-2-x86libmpfr1libmpfr1-32bitlibmpfr1-x86libmysql55client18libmysql55client18-32bitlibmysql55client18-x86libmysql55client_r18libmysql55client_r18-32bitlibmysql55client_r18-x86libpixman-1-0libpixman-1-0-32bitlibpixman-1-0-x86libpulse-mainloop-glib0-x86libtasn1-3libtasn1-3-32bitlibtasn1-3-x86libtevent0-x86openwsman-clientsuseRegisterlxcmozilla-nspr-x86nagios-nrpenagios-nrpe-docnagios-plugins-nrpenfs-docnfs-kernel-serverpoptpopt-32bitpopt-x86rpm-x86python-lxmlsendmailxorg-x11-libX11xorg-x11-libX11-32bitxorg-x11-libX11-x86xorg-x11-libXextxorg-x11-libXext-32bitxorg-x11-libXext-x86xorg-x11-libXfixesxorg-x11-libXfixes-32bitxorg-x11-libXfixes-x86xorg-x11-libXpxorg-x11-libXp-32bitxorg-x11-libXp-x86xorg-x11-libXrenderxorg-x11-libXrender-32bitxorg-x11-libXrender-x86xorg-x11-libXtxorg-x11-libXt-32bitxorg-x11-libXt-x86xorg-x11-libXvxorg-x11-libXv-32bitxorg-x11-libXv-x86curl-openssl1libcurl4-openssl1libcurl4-openssl1-32bitlibldap-openssl1-2_4-2libldap-openssl1-2_4-2-32bitlibopenssl1-developenssl1openssl1-doclibslp1-openssl1libsnmp15-openssl1libsnmp15-openssl1-32bitmailx-openssl1openssh-openssl1openssh-openssl1-helpersopenvpn-openssl1openvpn-openssl1-down-root-pluginsblim-sfcb-openssl1stunnel-openssl1vsftpd-openssl1wget-openssl1GraphicsMagicklibGraphicsMagick2perl-GraphicsMagicklibMagick++1libMagickWand1libMagickWand1-32bitMesa-develMesa-devel-32bitOpenEXR-develhal-devellibpackagekit-glib10-devellibpackagekit-qt10libpackagekit-qt10-develPolicyKit-develXerces-clibXerces-c-devellibXerces-c28a2ps-develant-nodepsapache2-mod_fcgidbind-devel-32bitboinc-clientboinc-client-develboost-devel-32bitboost-doclibboost_date_time1_36_0libboost_date_time1_36_0-32bitlibboost_filesystem1_36_0libboost_filesystem1_36_0-32bitlibboost_graph1_36_0libboost_graph1_36_0-32bitlibboost_iostreams1_36_0libboost_iostreams1_36_0-32bitlibboost_math1_36_0libboost_math1_36_0-32bitlibboost_mpi1_36_0libboost_program_options1_36_0-32bitlibboost_python1_36_0libboost_python1_36_0-32bitlibboost_regex1_36_0-32bitlibboost_serialization1_36_0libboost_serialization1_36_0-32bitlibboost_signals1_36_0-32bitlibboost_system1_36_0libboost_system1_36_0-32bitlibboost_test1_36_0libboost_test1_36_0-32bitlibboost_thread1_36_0-32bitlibboost_wave1_36_0libboost_wave1_36_0-32bitbytefx-data-mysqlmono-data-firebirdmono-data-oraclemono-data-sybasemono-develmono-extrasmono-jscriptmono-wcfmono-winfxcoremonodoc-coregcc48-fortran-32bitcscopecyrus-imapd-develderbylibcom_err-devel-32bitlibext2fs-devel-32bitlibext2fs2-32bitlibext2fs2-x86empathy-develfilesharesetkdebase3kdebase3-32bitkdebase3-develmisc-console-fontlibFLAC++6-x86freetype2-devel-32bitgdk-pixbuf-32bitghostscript-ijs-devellibgimpprint-develgmime-2_4-develgmime-develgmime-sharpgnucashgnucash-develgnucash-langgtk2-devel-32bitibutils-develibutils-devel-32bitlibicu-devel-32bitimlibimlib-32bitimlib-configimlib-develimlib-x86inkscapeinkscape-extensions-diainkscape-extensions-extrainkscape-extensions-figinkscape-extensions-gimpinkscape-langkdebase4-workspace-develkdelibs3-artskdelibs3-arts-32bitkdelibs3-arts-x86kdelibs3-develkdelibs3-dockrb5-devel-32bitlibqt4-sql-mysql-x86libqt4-sql-postgresql-x86libqt4-sql-sqlite-x86libqt4-sql-unixODBC-x86libadns-devellibapr-util1-devel-32bitlibapr1-devel-32bitlibcap-devellibdhcp6client-1_0-2libdhcp6client-devellibdrm-devellibdrm-devel-32bitlibexiv2-4-32bitlibexiv2-4-x86libgadulibgnutls-extra-devellibgpgme11-32bitlibgpgme11-x86libgtop-2_0-7-32bitlibgtop-2_0-7-x86libgtop-devellibjpeg-devellibjpeg-devel-32bitliblcms-devel-32bitpython-lcmssamba-devellibmikmodmpfr-devel-32bitlibmysqlclient_r15-32bitlibmysqlclient_r15-x86libnetpbm-devel-32bitlibpixman-1-0-devellibpng-devellibpng-devel-32bitlibpoppler-qt2libpoppler-qt3-develreadline-devel-32bitlibreoffice-base-extensionslibreoffice-draw-extensionslibreoffice-impress-extensionslibreoffice-kdelibreoffice-kde4libreoffice-l10n-prebuiltlibreoffice-monolibreoffice-l10n-en-GBlibreoffice-l10n-gu-INlibreoffice-l10n-hi-INlibreoffice-l10n-ptlibreoffice-l10n-zh-CNlibreoffice-l10n-zh-TWlibreoffice-help-cslibreoffice-help-dalibreoffice-help-delibreoffice-help-en-GBlibreoffice-help-en-USlibreoffice-help-eslibreoffice-help-frlibreoffice-help-gu-INlibreoffice-help-hi-INlibreoffice-help-hulibreoffice-help-itlibreoffice-help-jalibreoffice-help-kolibreoffice-help-nllibreoffice-help-pllibreoffice-help-ptlibreoffice-help-pt-BRlibreoffice-help-rulibreoffice-help-svlibreoffice-help-zh-CNlibreoffice-help-zh-TWlibreoffice-testtoollibsamplerate-develnet-snmp-devel-32bitlibsoup-devel-32bitlibssh2libssh2-1-x86libsss_sudo-devellibthailibtiff-devel-32bitlibtunepimplibtunepimp-devellibtunepimp5libwebkit-1_0-1libwebkit-1_0-2libwebkit-devellibwebkit-langlibwmf-32bitlibwmf-gnome-32bitlibwmf-gnome-x86libwmf-x86libwpd-0_8-8libxcrypt-devellibxine-devellibxine1libxine1-32bitlibxine1-gnome-vfslibxine1-pulselibxmllibxml-32bitlibxml-devellibxml2-devel-32bitlxc-devellzo-devel-32bitmozilla-xulrunner192-develmozilla-xulrunner192-gnome-32bitmozilla-xulrunner192-translations-32bitnagios-develnovell-ipsec-toolsnovell-ipsec-tools-develobex-data-serverofed-developenCryptoki-developensc-develpango-devel-32bitperl-DBD-Pgphp53-develphp53-imapphp53-posixphp53-readlinephp53-socketsphp53-sqlitephp53-tidypopt-develpopt-devel-32bitrpm-devel-32bitpwlibpwlib-develpython-cryptopython-imaging-sanepython-logilab-commonpython-lxml-docqt3-develqt3-devel-32bitqt3-devel-docqt3-devel-toolsqt3-devel-tools-32bitruby-doc-riruby-examplesruby-test-suiterubygem-actionmailer-3_2rubygem-actionpack-3_2rubygem-activemodel-3_2rubygem-activeresource-3_2rubygem-rails-3_2rubygem-railties-3_2rubygem-activerecord-3_2rubygem-activesupport-3_2rubygem-bundlerrubygem-i18n-0_6rubygem-json_purerubygem-rack-sslrubygem-rdocrubygem-sprockets-2_2rxvt-unicodesendmail-develstrutsstruts-javadocstruts-manualt1lib-develtaglib-develtexlive-arabtexlive-bintexlive-bin-cjktexlive-bin-dviljtexlive-bin-jadetextexlive-bin-latextexlive-bin-metaposttexlive-bin-musictextexlive-bin-omegatexlive-bin-tex4httexlive-bin-toolstexlive-bin-xetextexlive-bin-xmltextexlive-develtexlive-doctexlive-dviljtexlive-latex-doctexlive-musictextexlive-ppower4trousers-develunixODBC_23-develvalgrindvalgrind-develvte-develxalan-j2-javadocxorg-x11-devel-32bitxorg-x11-libX11-develxorg-x11-libX11-devel-32bitxorg-x11-libXext-develxorg-x11-libXext-devel-32bitxorg-x11-libXfixes-develxorg-x11-libXfixes-devel-32bitxorg-x11-libXp-develxorg-x11-libXp-devel-32bitxorg-x11-libXrender-develxorg-x11-libXrender-devel-32bitxorg-x11-libXt-develxorg-x11-libXt-devel-32bitxorg-x11-libXv-develxorg-x11-libXv-devel-32bitxorg-x11-libxcb-develxorg-x11-libxcb-devel-32bitphp5-ncursesphp5-readlinephp5-tidybeaglebeagle-develbeagle-langinninn-develinst-source-utilsjava-1_4_2-ibm-develjava-1_6_0-ibm-develjava-1_7_0-ibm-develpostgresql91-develperl-base-x86python-httplib2rubygem-rack-1_3rubygem-rackrubygem-actionmailer-2_3rubygem-actionpack-2_3rubygem-activerecord-2_3rubygem-activeresource-2_3rubygem-activesupport-2_3rubygem-railsrubygem-rails-2_3rubygem-actionpack-2_1rubygem-mail-2_3rubygem-rack-cache-1_1giflib-devel-32bitkde4-l10n-de-datakde4-l10n-de-docpostgresql91-libsgnu-efilibtidylibbotan-1_6_5firefox-fontconfigfirefox-fontconfig-develSDL-32bitSDL-develSDL-devel-32bitSDL_imageSDL_image-develavahi-monobzrcairo-devel-32bitcairo-docfontconfig-devel-32bitcpp43gcc43gcc43-adagcc43-fortrangcc43-fortran-32bitgcc43-obj-c++gcc43-objcgcc43-objc-32bitlibada43libobjc43libobjc43-32bitlibcap-nglibcap-ng-develpython-capnglibdb-4_5libdb-4_5-devellibdb_java-4_5libical0-32bitlibofx4google-carlito-fontslibmythes-1_2-0mythesmythes-develpython-importliblibmxml1mxmlntfs-3g-devellibopenssl-devel-32bitperl-SOAP-Literubygem-mail-2_4sane-backends-x86portaudioportaudio-develxorg-x11-libICExorg-x11-libICE-develxorg-x11-libICE-devel-32bitxorg-x11-libXdmcpxorg-x11-libXdmcp-32bitxorg-x11-libXdmcp-develxorg-x11-libXdmcp-devel-32bitxorg-x11-libXpmxorg-x11-libXpm-develxorg-x11-libXpm-devel-32bityast2-storageyast2-storage-devellibcurl4-openssl1-x86libopenssl1_0_0-x86libldap-openssl1-2_4-2-x86openldap2-client-openssl1openslp-openssl1acroreadacroread-cmapsacroread-fonts-jaacroread-fonts-koacroread-fonts-zh_CNacroread-fonts-zh_TWacroread_jaibm-data-db2compat-openssl097gcompat-openssl097g-32bitMozillaFirefox-branding-SLEDbeagle-evolutionbeagle-firefoxbeagle-guimhtml-firefoxflash-player-kde4java-1_6_0-openjdkjava-1_6_0-openjdk-demojava-1_6_0-openjdk-develkernel-pae-extrakernel-trace-extrakernel-xen-extraxen-kmp-tracepermissionslibproxy0-config-gnome-32bitlibproxy0-networkmanager-32bitlibxml2-pythonopenssl-certsquotavm-installcabextractcompat-wireless-kmp-defaultcompat-wireless-kmp-paecompat-wireless-kmp-xengiflib-32bitlibgstbasecamerabinsrc-0_10-0libgstbasecamerabinsrc-0_10-0-32bitlibgstbasevideo-0_10-0libgstbasevideo-0_10-0-32bitlibgstphotography-0_10-0libgstphotography-0_10-0-32bitlibgstsignalprocessor-0_10-0libgstsignalprocessor-0_10-0-32bitlibgstvdp-0_10-0libgstvdp-0_10-0-32bitkde4-l10n-arkde4-l10n-cskde4-l10n-dakde4-l10n-da-datakde4-l10n-da-dockde4-l10n-dekde4-l10n-en_GBkde4-l10n-eskde4-l10n-es-datakde4-l10n-es-dockde4-l10n-frkde4-l10n-fr-datakde4-l10n-fr-dockde4-l10n-hukde4-l10n-itkde4-l10n-it-datakde4-l10n-it-dockde4-l10n-jakde4-l10n-kokde4-l10n-nbkde4-l10n-nlkde4-l10n-nl-datakde4-l10n-nl-dockde4-l10n-plkde4-l10n-pl-datakde4-l10n-pl-dockde4-l10n-ptkde4-l10n-pt_BRkde4-l10n-pt_BR-datakde4-l10n-pt_BR-dockde4-l10n-rukde4-l10n-ru-datakde4-l10n-ru-dockde4-l10n-svkde4-l10n-sv-datakde4-l10n-sv-dockde4-l10n-zh_CNkde4-l10n-zh_TWkdebase4-runtime-xinekernel-bigsmp-develkernel-bigsmpnovell-qtguinovell-qtgui-clinovell-ui-baseorcaorca-langpwlib-plugins-avcpwlib-plugins-dcpwlib-plugins-v4l2wpa_supplicant-guisle-hae-releasecluster-network-kmp-bigsmpcluster-network-kmp-paecluster-network-kmp-ppc64cluster-network-kmp-tracegfs2-kmp-bigsmpgfs2-kmp-paegfs2-kmp-ppc64gfs2-kmp-traceocfs2-kmp-bigsmpocfs2-kmp-paeocfs2-kmp-ppc64ocfs2-kmp-tracedrbd-kmp-bigsmpcluster-network-kmp-bigmemdrbd-bash-completiondrbd-heartbeatdrbd-kmpdrbd-kmp-bigmemdrbd-kmp-paedrbd-kmp-ppc64drbd-kmp-tracedrbd-pacemakerdrbd-udevdrbd-utilsdrbd-xengfs2gfs2-kmp-bigmemocfs2ocfs2-kmp-bigmemfirefox-gcc5firefox-libffi-gcc5firefox-libffi4firefox-libstdc++6POS_Image-Minimal3POS_Image-Netboot-hooksPOS_Image-ToolsPOS_Image3POS_MigrationPOS_Server-Admin3POS_Server-AdminGUIPOS_Server-AdminTools3POS_Server-BranchTools3POS_Server-Modules3POS_Server3admindadmind-clientposbiosgcc43-c++gcc43-infogcc43-localelibstdc++43-develkernel-ec2-basemicrocode_ctliscsitarget-kmp-rtbrocade-bna-kmp-rtcluster-network-kmp-rt_tracedrbd-kmp-rtdrbd-kmp-rt_tracekernel-rt_tracekernel-rt_trace-basekernel-rt_trace-develocfs2-kmp-rt_traceofed-kmp-rtiscsitarget-kmp-rt_tracelttng-modules-kmp-rtlttng-modules-kmp-rt_traceofed-kmp-rt_tracegfs2-kmp-rt_traceiscsitargetjava-1_4_2-ibm-sapjava-1_4_2-ibm-sap-develsap_suse_cluster_connectorrhn-virtualization-commonrhn-virtualization-hostrhncfgrhncfg-actionsrhncfg-clientrhncfg-managementkoanrhnmdspacewalk-certs-toolsspacewalk-checkspacewalk-client-setupspacewalk-client-toolsmgr-cfgmgr-cfg-actionsmgr-cfg-clientmgr-cfg-managementmgr-daemonmgr-osadmgr-virtualizationmgr-virtualization-hostpython2-mgr-cfgpython2-mgr-cfg-actionspython2-mgr-cfg-clientpython2-mgr-cfg-managementpython2-mgr-osa-commonpython2-mgr-osadpython2-mgr-virtualization-commonpython2-mgr-virtualization-hostspacewalk-remote-utilscobblerSUSE_SLES_SAP-releasegconf2gconf2-32bitgconf2-x86libidllibidl-32bitlibidl-x86orbit2orbit2-32bitorbit2-x86acllibacllibacl-32bitlibacl-x86libgcc43libgcc43-32bitlibgcc43-x86libstdc++43libstdc++43-32bitlibstdc++43-x86keyutils-libskeyutils-libs-32bitkeyutils-libs-x86libidn-32bitlibidn-x86cyrus-sasl-crammd5-x86cyrus-sasl-gssapi-x86cyrus-sasl-otp-x86cyrus-sasl-plain-x86cyrus-sasl-x86gtkhtml2gtkhtml2-langcdparanoiacdparanoia-32bitcdparanoia-x86desktop-file-utilsfamfam-32bitfam-x86gnome-vfs2gnome-vfs2-32bitgnome-vfs2-x86gstreamer-0_10libogg0libogg0-32bitlibogg0-x86liboilliboil-32bitliboil-x86libgpg-error0libgpg-error0-32bitlibgpg-error0-x86iscsitarget-kmp-defaultiscsitarget-kmp-paeiscsitarget-kmp-ppc64iscsitarget-kmp-vmiiscsitarget-kmp-xenjava-1_5_0-beajava-1_5_0-bea-consolejava-1_5_0-bea-fontsjava-1_5_0-bea-jdbcjava-1_6_0-ibm-alsa-x86java-1_6_0-ibm-x86kde4-akonadikde4-akregatorkde4-kaddressbookkde4-kalarmkde4-kjotskde4-kmailkde4-knodekde4-knoteskde4-kontactkde4-korganizerkde4-ktimetrackerkde4-ktnefkdepim4kdepim4-wizardskdepimlibs4libakonadi4libkdepim4libkdepimlibs4kde4-gwenviewkde4-kcolorchooserkde4-krulerkde4-ksnapshotkde4-okularlibkipi5kde4-kdmkde4-kwinkde4-kgetkde4-knewstickerkde4-kopetekde4-krdckde4-krfbutempterutempter-32bitutempter-x86ext4dev-kmp-defaultext4dev-kmp-paeext4dev-kmp-ppc64ext4dev-kmp-vmiext4dev-kmp-xenkernel-kdumpkernel-vmikernel-vmi-basekvm-kmp-defaultkvm-kmp-paelibHX13libHX13-32bitlibHX13-x86libesmtpzlib-32bitzlib-x86libpoppler4libtheora0libtheora0-32bitlibtheora0-x86libvolume_id1open-iscsiperl-IO-Socket-SSLwebsphere-as_celibcmpiutillibvirt-cimvirt-vieweryast2-ldap-serverConsoleKitConsoleKit-32bitConsoleKit-x11ConsoleKit-x86firefox-libgcc_s1NetworkManager-kde4NetworkManager-kde4-langNetworkManager-kde4-libsNetworkManager-openvpn-kde4NetworkManager-pptp-kde4plasmoid-networkmanagementamandaapache2-mod_pythonapportapport-crashdb-sleapport-gtkarpwatchaudiofile-32bitcairo-32bitcracklib-32bitmozilla-kde4-integrationfirefox-gio-branding-upstreamfirefox-glib2firefox-glib2-langfirefox-glib2-toolsfirefox-gtk3firefox-gtk3-branding-upstreamfirefox-gtk3-datafirefox-gtk3-immodule-amharicfirefox-gtk3-immodule-inuktitutfirefox-gtk3-immodule-multipressfirefox-gtk3-immodule-thaifirefox-gtk3-immodule-vietnamesefirefox-gtk3-immodule-ximfirefox-gtk3-immodules-tigrignafirefox-gtk3-langfirefox-gtk3-toolsfirefox-libgtk-3-0libfirefox-gio-2_0-0libfirefox-glib-2_0-0libfirefox-gmodule-2_0-0libfirefox-gobject-2_0-0libfirefox-gthread-2_0-0firefox-at-spi2-atkfirefox-at-spi2-corefirefox-at-spi2-core-langfirefox-atkfirefox-atk-langfirefox-cairofirefox-dbus-1-glibfirefox-freetype2firefox-gdk-pixbuffirefox-gdk-pixbuf-langfirefox-gdk-pixbuf-query-loadersfirefox-gdk-pixbuf-thumbnailerfirefox-harfbuzzfirefox-libatk-1_0-0firefox-libatk-bridge-2_0-0firefox-libatspi0firefox-libcairo-gobject2firefox-libcairo2firefox-libfreetype6firefox-libgdk_pixbuf-2_0-0firefox-libharfbuzz0firefox-libpango-1_0-0firefox-libpixman-1-0firefox-pangofirefox-pixmangcc43-32bitlibstdc++43-devel-32bitlibstdc++43-docgnome-sessiongnome-session-langgwenviewkcolorchooserkrulerksnapshotlibkexiv2-7libkipi6jakarta-commons-collectionsjakarta-commons-collections-javadocjakarta-commons-collections-tomcat5kde4-l10n-bgkde4-l10n-cakde4-l10n-csbkde4-l10n-elkde4-l10n-etkde4-l10n-eukde4-l10n-fikde4-l10n-gakde4-l10n-glkde4-l10n-hikde4-l10n-iskde4-l10n-kkkde4-l10n-kmkde4-l10n-kukde4-l10n-ltkde4-l10n-lvkde4-l10n-mkkde4-l10n-mlkde4-l10n-ndskde4-l10n-nnkde4-l10n-pakde4-l10n-rokde4-l10n-slkde4-l10n-thkde4-l10n-trkde4-l10n-ukkde4-l10n-wabtrfs-kmp-defaultbtrfs-kmp-paebtrfs-kmp-xenext4dev-kmp-tracehyper-v-kmp-defaulthyper-v-kmp-paehyper-v-kmp-tracekrb5-pluginslhadb-docdb-utilsdb-utils-doclibdb-4_5-32bitlibical0liblouis0libopenssl0_9_8-hmac-x86libpciaccess0libpciaccess0-32bitlibpciaccess0-x86libraptor1man-pagesfirefox-gcc47nautilus-32bitcxgb3-firmwarelibslp1-openssl1-32bitlibopenssl1-devel-32bitperfperl-Config-Generalpixmanpostfixpostfix-docpostfix-mysqlpython27python27-32bitpython27-basepython27-base-32bitpython27-cursespython27-demopython27-develpython27-docpython27-doc-pdfpython27-gdbmpython27-idlepython27-tkpython27-xmlpython27-setuptoolsquota-nfsjacklibjack0xorg-x11-libICE-32bitxorg-x11-libXpm-32bityast2-storage-liblibpq5-x86python-ecdsasuseRegisterInfoMozillaFirefox-branding-SLES-for-VMwaregdbgiflib-x86intel-SINITkernel-bigsmp-baseiscsitarget-kmp-bigsmpofed-kmp-bigsmporacleasm-kmp-bigsmplibcap-ng-utilslibcap-ng0libcap-ng0-32bitcloud-initcloud-init-config-susecloud-init-docgrowpartpython27-Cheetahpython27-Jinja2python27-MarkupSafepython27-PrettyTablepython27-PyJWTpython27-PyYAMLpython27-argparsepython27-blinkerpython27-boto3python27-botocorepython27-cffipython27-configobjpython27-cryptographypython27-dateutilpython27-docutilspython27-ecdsapython27-enum34python27-futurespython27-httplib2python27-idnapython27-ipaddresspython27-jmespathpython27-jsonpatchpython27-jsonpointerpython27-jsonschemapython27-lockfilepython27-oauthpython27-oauthlibpython27-paramikopython27-plypython27-pyasn1python27-pyasn1-modulespython27-pycparserpython27-pycryptopython27-pyserialpython27-pytestpython27-python-daemonpython27-requestspython27-s3transferpython27-simplejsonpython27-sixSDL-x86audiofile-x86libavahi-glib1-x86cairo-x86cracklib-x86crash-eppicfontconfig-x86kernel-bigmemkernel-bigmem-basekernel-bigmem-develiscsitarget-kmp-bigmemiscsitarget-kmp-traceofed-kmp-bigmemoracleasm-kmp-bigmemoracleasm-kmp-paeoracleasm-kmp-ppc64oracleasm-kmp-traceoracleasm-kmp-xenlibdb-4_5-x86perl-Sys-Virtnautilus-x86libncurses5-x86libncurses6-x86pam_pkcs11-x86libsqlite3-0-x86xorg-x11-libICE-x86xorg-x11-libXdmcp-x86xorg-x11-libXpm-x86suse-openstack-cloud-releasecrowbar-barclamp-trovecrowbar-barclamp-neutronopenstack-neutron-docopenstack-neutron-ibm-agentopenstack-neutron-mlnx-agentopenstack-neutron-nec-agentopenstack-neutron-nvsd-agentopenstack-neutron-plugin-ciscoopenstack-neutron-restproxy-agentopenstack-neutron-ryu-agentopenstack-neutron-servernovncopenstack-ceilometer-agent-centralopenstack-ceilometer-agent-ipmiopenstack-ceilometer-agent-notificationopenstack-ceilometer-alarm-evaluatoropenstack-ceilometer-alarm-notifieropenstack-ceilometer-apiopenstack-ceilometer-collectoropenstack-ceilometer-docopenstack-cinder-apiopenstack-cinder-backupopenstack-cinder-docopenstack-cinder-scheduleropenstack-glanceopenstack-glance-docopenstack-heatopenstack-heat-apiopenstack-heat-api-cfnopenstack-heat-api-cloudwatchopenstack-heat-docopenstack-heat-engineopenstack-keystoneopenstack-keystone-docopenstack-saharaopenstack-sahara-apiopenstack-sahara-docopenstack-sahara-enginepython-glancepython-heatpython-keystonepython-oslo.i18npython-oslo.utilspython-oslotestpython-saharapython-sixcrowbar-barclamp-nova_dashboardopenstack-dashboardpython-django_openstack_authpython-horizonopenstack-nova-apiopenstack-nova-cellsopenstack-nova-certopenstack-nova-conductoropenstack-nova-consoleopenstack-nova-consoleauthopenstack-nova-docopenstack-nova-novncproxyopenstack-nova-objectstoreopenstack-nova-scheduleropenstack-nova-serialproxyopenstack-nova-vncproxyopenstack-swiftopenstack-swift-accountopenstack-swift-containeropenstack-swift-docopenstack-swift-objectopenstack-swift-proxypython-swiftopenstack-troveopenstack-trove-apiopenstack-trove-conductoropenstack-trove-docopenstack-trove-guestagentopenstack-trove-taskmanagerpython-trovepython-Pillowpython-openstackclientruby2.1-rubygem-sprockets-2_11ruby2.1-rubygem-actionpack-4_1rubygem-actionpack-4_1ruby2.1-rubygem-actionview-4_1rubygem-actionview-4_1ruby2.1-rubygem-activemodel-4_1rubygem-activemodel-4_1ruby2.1-rubygem-activerecord-4_1rubygem-activerecord-4_1ruby2.1-rubygem-activesupport-4_1rubygem-activesupport-4_1ruby2.1-rubygem-bson-1_11ruby2.1-rubygem-easy_diffruby2.1-rubygem-redcarpetrubygem-bson-1_11rubygem-easy_diffrubygem-redcarpetrubygem-sprockets-2_11ruby2.1-rubygem-rack0:4.12.14-23150:2.4.4-30:4.7.6+git.54.6e3276c9872-20:4.0.25+git.1524215631.8f9c770a-20:1.8.8-10:1.1.18+20180430.b12c320f5-10:5.1.4-10:2.2.2-20:1.8.2-10:2.0.3-10:1.0.4-20:4.12.14-19515.10:2.4.4-70:4.9.5+git.149.9593f64a5c3-10:4.2.1+git.1537269352.7b1fd536-50:1.8.17~git0.e89d25b2-60:2.0.1+20190417.13d370ca9-10:5.1.4-3.30:2.2.2-4.30:3.7.2-3.30:84.87+git20180409.04c9dae-10:1.1.5-40:3.1-20:2.12-50:1.6.3-10:1.6.1-20:2.8.1-30:1.10.1-10:5.1.3-50:1.15.1-20:1.4.18-20:0.6.32-30:4.4-70:7.0-70:9.11.2-100:2.29.1-40:1.0.6-30:1.14.0-10:1.15.10-20:13.0.2.1874+ge31585919b-10:3.2-70:6.5-10:0.100.0-10:1.4.4-10:8.29-20:2.12-10:2.9.6-20:4.2-40:1.5.1-40:2.2.7-10:1.20.3-10:7.60.0-10:2.1.26-30:1.12.2-10:0.108-10:4.3.5-40:2.78-10:044.1-160:0.7.3-20:111-20:0.168-20:25.3-10:1.6.6-10:2.2.5-10:6.3.26-30:5.32-50:0.5.3-20:1.3.2-10:2.9-20:2.9.7-10:7.6.4-10:2.36.11-30:2.42.3-10:9.23-10:5.1.4-20:2.16.3-10:2.54.3-20:2.26-110:3.6.2-40:2.2.5-20:1.10.0-20:1.3.11-20:1.22.3-30:2.02-170:1.12.5-10:2.24.32-20:1.9-20:1.0+git.e66999f-10:3.17.9-30:7-40:0.8.2-50:s20161105-60:10.0.1.0-10:2.0.4-60:0.8.16-120:20180416-10:1.15.2-40:1.7.0-20:530-10:4.8.3-20:1.0.7-10:3.22-10:1.0.9-10:5.9.4-60:1.6.5-10:1.2.0-10:1.1.15-10:1.1.2-10:1.3.3-10:5.0.3-10:1.5.4-10:1.7.9-10:1.1.3-10:1.0.3-10:1.5.1-20:0.9.10-10:1.1.5-20:1.2.3-10:1.0.11-10:1.0.10-10:1.8.0-110:1.1.4-10:3.3.2-10:2.31.1-70:5.48-30:1.4.2-10:0.6.12-20:2.1.8-20:3.36.1-10:1.8.2-40:0.7.2-10:3.4-20:2.0.0-10:1.34-10:2.0.4-10:1.16.1-10:2.9-10:2.0.14-10:2.20.2-10:2.1-10:62.2.0-30:8.1.2-30:0.13-10:1.3.5-20:2.4.46-70:2.4.6-10:2.10-20:1.2.11-10:4.0.1-10:0.6-10:0.30.2-20:0.52.20-50:1.31.1-10:1.10.6-30:2.6.2-10:2.3.0-10:1.1.0h-20:1.1.0h-10:1.2.1-10:0.9.6-20:1.40.14-10:8.41-40:10.31-10:1.8.23-20:1.2.57-20:1.6.34-10:0.114-10:0.62.0-20:10.3-20:0.4.15-20:11.1-40:2.7.14-50:3.6.5-10:8.0.2-10:1.7.0-40:1.0.0-10:1.3.9-20:1.0.3-20:0.4.8-10:1.0.28-30:5.7.3-50:2.62.2-10:0.34-10:3.23.1-10:0.7.5-40:1.8.0-20:234-220:1.11.1-20:4.13-20:0.1.27-10:4.0.9-30:2.6.5-10:1.6.8-10:1.2.1-20:4.0.0-70:10.2.5-10:1.3.6-20:1.6.1-40:5.1.0-20:1.13-10:3.1.4-10:1.1.32-10:0.1.7-10:1.5.1-10:4.2.3-10:17.3.1-10:0.13.69-10:3.13.0-20:12.5-10:2.7.1-10:4.19-10:1.9.1-10:0.17.0-10:2.0.0-40:7.6p1-70:2.4.3-30:2.4-10:16.02-50:1.3.0-40:2.4.13-10:2.1-20:2.26-10:1.4.28-10:5.26.1-50:4.046-10:3.72-10:6.06-10:2.0132-10:2.6-30:10-60:3.22-20:2.10-10:0.12.13-10:1.14.0-20:2.4.1-10:10.0.1-10:17.5.0-10:2.6.1-10:0.11.0-20:2.18.4-10:2018.3.0-30:1.22-40:2.11.1-70:2.17-30:0.2.3-30:3.1.3-20:8.33.1-10:0.12.21~rc-10:4.6.2-30:4.5-50:4.15.2-20:14-50:4.3-10:5.6.0-20:1.10.0-10:1.8.22-20:0.84.3-10:2.0-20:2.88+-10:5.3.0-10:1.30-10:20170711_1.9.6-40:4.9.2-10:5.2-30:3.0.4-10:20180425-10:2.3.6-10:6.00-20:1.19.0.4-20:8.0.1568-30:0.5.3+git20180125-10:1.19.5-10:2.6-20:20170508-30:4.10.1_04-10:2.99.917+git781.c8990575-10:7.6_1-10:1.1.0-10:7.6.1-10:1.19.6-60:5.37-30:4.0.77-10:4.0.2-10:4.0.5-10:0.6.0-10:1.14.5-10:84.87+git20180409.04c9dae-3.60:1.1.5-6.60:2.11.1-6.30:2.12.2-7.170:1.6.1-4.30:5.1.3-7.30:0.7-10:1.4-5.30:4.4-9.70:7.0-9.70:9.11.2-12.80:2.31-50:0.4.2-10:1.15.10-4.50:14.2.0.300+gacd2f2b9e1-10:3.2-9.60:0.100.3-3.90:2.2.7-3.110:7.60.0-3.170:2.1.26-5.30:1.12.2-60:2.78-50:044.2-18.240:1.43.8-4.30:25.3-3.30:5.32-7.50:0.5.5-4.240:1.3.2-3.30:2.9.7-3.30:1.1.37-3.30:9.26a-3.150:2.16.4-3.90:2.54.3-4.100:2.26-13.190:2.26-80:2.26-13.80:3.6.7-6.80:2.2.5-4.60:1.10.0-4.30:2.02-240:3.18.6-5.70:11.0.3.0-3.240:1.5-10:2.0.4-8.30:0.9.0-20:20190118-10:1.16.3-10:4.8.4-30:5.9.7-110:1.6.5-3.30:1.9.0-170:3.3.2-3.80:2.33.1-20:5.48-5.130:0.99.beta19.git20171003-3.30:3.41.1-3.130:1.8.2-60:1.12.5-3.30:3.4.1-4.90:1.16.1-3.180:2.0.14-3.30:2.24.1-3.240:62.2.0-5.70:8.1.2-5.70:2.9-3.30:2.4.46-9.30:1.4.6-10:5.3.4-3.30:1.2.11-3.60:0.6-3.30:6.1-5.30:10.80.1-3.30:1.10.6-5.30:1.1.0i-120:1.1.0i-3.30:1.40.14-3.30:1.8.24-10:0.114-3.60:10.6-60:2.7.14-7.110:3.6.5-3.110:1.0.28-5.50:5.7.3-80:2.62.2-3.30:0.35-10:3.28.0-3.60:0.8.4-80:1.8.0-4.60:234-24.250:4.13-4.20:4.0.9-5.270:2.6.5-3.70:1.6.8-80:5.1.0-60:10.3.10-10:1.3.6-4.30:5.1.0-4.30:2.4.14-3.250:1.13-3.30:3.1.4-3.30:0.8.2-3.30:2.9.7-3.60:1.6.2-40:4.2.3-3.30:17.11.4-10:0.13.69-3.30:3.13.0-4.30:4.20-3.30:1.10.1-3.30:0.19.0-10:2.0.0-6.30:7.9p1-40:2.4.3-5.30:1.3.0-6.60:2.7.6-30:5.26.1-7.60:1.60-3.30:3.4.2-100:2.8-90:1.3.6-10:2.10.1-3.50:2.1.4-4.30:1.14.0-4.50:2.4.2-40:17.5.0-3.30:2.20.0-40:2019.2.0-40:1.24-70:3.1.0-70:0.2.3-5.30:4.14.1-10.160:8.33.1-3.90:4.6-10:15+git47-10:1.7.3.2-40:1.10.0-3.30:1.8.22-4.30:3.1.1-5.100:12.0.2-3.60:1.30-3.30:20170711_1.9.8-80:4.9.2-3.30:3.1.2-50:20190507-10:6.00-4.80:1.19.5-3.60:2.6-4.110:4.12.0_12-10:1.1.0-3.40:1.20.3-120:4.1.2-50:4.1.1-60:4.1.12-10:2.1.0-10:5.6-50:1.14.27-10:0.2.9+gitr706_06b9cb351610-30:1.0.0rc4+gitr3338_3f2f8b84a77f-40:17.09.1_ce-40:1.2.2-5.90:18.09.1_ce-6.140:0.7.0.1+gitr2711_2cfbf9b1f981-4.90:1.0.0rc6+gitr3748_96ec2177ae84-6.150:1.0.0~rc6-1.30:1.0.1-20:7.0.7.34-10:52.7.3-10:1.1.10-20:0.6.45-40:0.3.6-10:0.2.0-10:0.1.26-10:1.10.6-10:0.2.6-10:3.26.2-30:3.26.0+20180128.1bd86963-20:0.10.4-20:1.1-10:3.26.2.1-110:3.20.1-30:3.26.2-60:3.26.2+20180130.0d9c74212-20:1.4.14-10:1.5.0-10:2.2.1-10:2.0.8-10:0.14.0-10:3.4.2-20:0.94-40:2.4.5-10:0.6.21-30:0.26-40:0.6.2-10:2.0.2-10:0.9-20:1.2.0+git20170122.45fda81-10:6.2.3-90:1.3.5-90:1.18-90:5.2.4-90:2.1.0beta2-90:2017.20170520.svn30357-90:2017.20170520-90:2017.133.0.0.3svn15878-60:2017.133.1.2svn41578-60:2017.133.0.000.955svn37556-60:2017.133.svn15878-60:2017.133.3.28svn34303-60:2017.133.15svn27540-60:2017.133.4.21svn15878-60:2017.133.1.4svn15878-60:2017.133.1.8bsvn38238-60:2017.133.1.7esvn25918-60:2017.133.2.3asvn15878-60:2017.133.1.36svn15878-60:2017.133.svn17022-60:2017.133.2.14svn19603-60:2017.133.1.22bsvn15878-60:2017.133.svn29725-60:2017.20170520.svn27321-90:2017.133.svn20943-60:2017.133.4svn17020-60:2017.133.6.0svn39929-60:2017.133.2.0bsvn41157-60:2017.133.1.9.6svn39913-60:2017.133.1._svn27880-60:2017.133.1.2asvn15878-60:2017.133.1.8.0svn44380-60:2017.133.svn32089-60:2017.133.0.0.25svn18835-60:2017.20170520.svn12688-90:2017.133.3.10isvn44425-60:2017.133.1.39svn44367-60:2017.133.1.3svn15878-60:2017.133.2.7asvn43186-60:2017.133.1.41svn36582-60:2017.133.0.0.1svn20498-60:2017.133.0.0.3asvn15878-60:2017.133.2.0svn43751-60:2017.133.1.0svn43768-60:2017.133.1svn41972-60:2017.133.0.0.2asvn37805-60:2017.133.2.42svn26048-60:2017.133.1.001_b_2svn20019-60:2017.133.1.001svn19766-60:2017.133.svn29349-60:2017.20170520.svn28038-90:2017.133.1.1svn28936-60:2017.133.1.0svn26555-60:2017.133.svn44085-60:2017.133.1.3svn17683-60:2017.133.1.0svn39438-60:2017.133.svn20538-60:2017.133.1.0svn28574-60:2017.133.svn44166-60:2017.20170520.svn44143-90:2017.133.1.3svn35900-60:2017.133.2.7svn15878-60:2017.133.1.6bsvn17156-60:2017.133.3.6svn15878-60:2017.133.svn34016-60:2017.133.0.0.3.2svn26055-60:2017.133.1.5isvn15878-60:2017.133.svn42077-60:2017.133.1.1svn38055-60:2017.133.5.1svn38805-60:2017.133.0.0.1svn42428-60:2017.133.1.000svn44497-60:2017.133.2.1.1svn42221-60:2017.133.0.0.92svn35065-60:2017.133.0.0.03svn15878-60:2017.133.3.7csvn23385-60:2017.133.1.1svn15878-60:2017.133.4.3.2svn36030-60:2017.133.0.0.109svn44303-60:2017.133.1.1svn29630-60:2017.133.svn36804-60:2017.133.3.04svn29208-60:2017.133.2.3svn28980-60:2017.133.2.0svn21855-60:2017.133.svn43813-60:2017.133.svn22930-60:2017.133.2.14svn30646-60:2017.133.2.2svn44166-60:2017.20170520.svn3006-90:2017.133.svn44410-60:2017.133.1.1asvn17049-60:2017.133.2.1svn33441-60:2017.133.2.16svn35032-60:2017.133.001.003svn24266-60:2017.133.0.0.8svn21933-60:2017.133.2.08svn18651-60:2017.133.svn26053-60:2017.133.svn17050-60:2017.133.1.0svn32662-60:2017.133.1.20svn44282-60:2017.133.1.3.4svn42428-60:2017.133.2.31svn44477-60:2017.133.0.0.3svn23350-60:2017.133.6.03svn31264-60:2017.133.svn42045-60:2017.133.1.6svn39710-60:2017.133.1.2bsvn42428-60:2017.133.svn40322-60:2017.133.4.02svn19306-60:2017.133.1.0svn28400-60:2017.133.1.0.5svn44478-60:2017.133.1.1svn25095-60:2017.133.1.0svn37709-60:2017.133.1.8.4svn44241-60:2017.133.3.17svn25711-60:2017.133.1.2.1svn38299-60:2017.133.1.0svn30042-60:2017.133.3.0svn29762-60:2017.20170520.svn29036-90:2017.133.2.31svn44484-60:2017.133.svn38005-60:2017.133.1svn15878-60:2017.133.svn42880-60:2017.133.3.0_beta3svn33894-60:2017.135.svn15878-60:2017.135.svn42675-60:2017.135.1.04svn18125-60:2017.135.1.0svn31576-60:2017.135.march_2017svn43509-60:2017.135.0.0.3svn38741-60:2017.135.1.73svn40847-60:2017.135.1.0asvn15878-60:2017.135.1.0svn40201-60:2017.135.2.3svn29129-60:2017.135.svn20536-60:2017.135.2.0svn29989-60:2017.135.2.2svn41158-60:2017.135.0.0.1svn32320-60:2017.135.2.0svn25243-60:2017.135.svn20431-60:2017.135.0.0.8svn38497-60:2017.135.2.20svn15878-60:2017.135.0.0.1csvn17512-60:2017.135.2.41svn43843-60:2017.20170520.svn43843-90:2017.135.0.0.3svn33490-60:2017.135.1.9svn42099-60:2017.135.svn41506-60:2017.135.svn18948-60:2017.135.2.0svn15878-60:2017.135.1.5svn15878-60:2017.135.svn41853-60:2017.135.0.0.9svn24863-60:2017.135.svn26313-60:2017.20170520.svn18790-90:2017.135.0.0.6svn23723-60:2017.135.1.3svn43195-60:2017.135.0.0.3asvn15878-60:2017.135.0.0.3svn43337-60:2017.135.0.0.3svn19717-60:2017.135.0.0.3.11svn36084-60:2017.135.1.1svn32377-60:2017.135.svn44166-60:2017.135.svn31835-60:2017.135.0.0.1svn35373-60:2017.135.0.0.1svn44131-60:2017.135.2.1.0bsvn44396-60:2017.135.1.0svn21271-60:2017.135.3.10svn44427-60:2017.135.1.0csvn30254-60:2017.135.1.0asvn44197-60:2017.135.1.0fsvn30256-60:2017.135.1.3hsvn40636-60:2017.135.1.1svn38174-60:2017.135.1.0hsvn30257-60:2017.135.1.2gsvn31902-60:2017.135.2.2psvn30259-60:2017.135.1.3lsvn35198-60:2017.135.3.1asvn30261-60:2017.135.1.3rsvn30262-60:2017.135.3.8isvn30263-60:2017.135.3.3qsvn44495-60:2017.135.1.4tsvn30265-60:2017.135.1.1asvn38064-60:2017.135.1.3qsvn30267-60:2017.135.3.3asvn44270-60:2017.135.1.3svn39861-60:2017.135.4.3csvn30270-60:2017.135.2.1svn33527-60:2017.135.2.9svn42424-60:2017.135.1.9gsvn42010-60:2017.135.2.3hsvn30273-60:2017.135.1.5csvn41435-60:2017.135.1.2bsvn39387-60:2017.135.1.0msvn43235-60:2017.135.1.6svn30276-60:2017.135.1.0hsvn30277-60:2017.135.1.3nsvn36645-60:2017.135.2.1svn43145-60:2017.135.1.1svn30279-60:2017.135.3.5svn38173-60:2017.135.2.0asvn34377-60:2017.135.svn39587-60:2017.135.1.0msvn43234-60:2017.135.2.0isvn30281-60:2017.135.0.0.2svn39608-60:2017.135.1.0svn30282-60:2017.135.1.2lsvn30283-60:2017.135.1.2qsvn30284-60:2017.135.1.2lsvn30285-60:2017.135.svn30286-60:2017.135.1.3isvn42885-60:2017.135.1.0csvn30288-60:2017.135.1.0gsvn30289-60:2017.135.1.0dsvn30290-60:2017.135.2.2svn30348-60:2017.135.3.1asvn30292-60:2017.135.1.2isvn30351-60:2017.135.lower_sorbian_1.0g._upper_1.0ksvn30294-60:2017.135.0.0.3svn37629-60:2017.135.5.0psvn39920-60:2017.135.2.3dsvn30296-60:2017.135.1.0.0svn30564-60:2017.135.1.3bsvn33284-60:2017.135.1.4svn44550-60:2017.135.1.4svn39246-60:2017.135.1.1asvn38372-60:2017.135.1.31svn25245-60:2017.135.2.1svn42428-60:2017.135.1.1svn28513-60:2017.135.2.2svn42106-60:2017.135.3.02svn34393-60:2017.135.1.5.1svn41919-60:2017.135.1.2.0svn43500-60:2017.135.0.0.9.2svn38857-60:2017.135.0.0.4asvn22013-60:2017.135.svn38479-60:2017.135.svn20619-60:2017.135.0.0.93svn25597-60:2017.135.1.1svn35460-60:2017.135.1.016svn19490-60:2017.135.1.072svn43461-60:2017.135.1.043svn43484-60:2017.135.1.20svn32924-60:2017.133.1.05svn26477-50:2017.133.svn19440-50:2017.133.1.01svn17186-50:2017.133.svn15878-50:2017.133.svn17224-50:2017.133.1.01svn17187-50:2017.133.svn33143-50:2017.133.0.0.1.3svn43928-50:2017.133.3.1svn39364-50:2017.133.3.41svn43073-50:2017.133.0.0.02bsvn38159-50:2017.133.0.0.2svn39180-50:2017.133.2.2svn27539-50:2017.133.0.0.1svn23427-50:2017.133.0.0.1.1svn40105-50:2017.133.0.0.4.1svn35101-50:2017.133.1.12svn37009-50:2017.133.0.0.2svn23510-50:2017.133.1.2svn44568-50:2017.133.svn42161-50:2017.133.1.02svn39048-50:2017.133.1.0svn41404-50:2017.133.1.2svn43031-50:2017.133.1.0svn39100-50:2017.133.1.0svn29937-50:2017.133.1.1svn21977-50:2017.133.0.0.1svn20765-50:2017.133.svn44569-50:2017.133.1.5svn36294-50:2017.133.1.6svn15878-50:2017.133.svn18651-50:2017.133.svn20987-50:2017.133.svn20031-50:2017.133.1.004svn32215-50:2017.133.svn35428-50:2017.133.1.0svn38708-50:2017.133.0.0.5svn15878-50:2017.133.1.1svn42038-50:2017.133.1.1svn37880-50:2017.133.1.1bsvn15878-50:2017.133.svn25507-50:2017.133.0.0.3svn15878-50:2017.133.2.11svn44205-50:2017.133.0.0.4svn27401-50:2017.133.0.0.4svn39041-50:2017.133.1.5svn15878-50:2017.133.2.1svn40096-50:2017.133.2.7svn43910-50:2017.20170520.svn42679-90:2017.133.3.02svn39928-50:2017.20170520.svn16219-90:2017.133.2.0.2svn31607-50:2017.133.3.7svn42680-50:2017.133.3.0.1svn43510-50:2017.133.2.6.0svn43043-50:2017.133.7.4svn42893-50:2017.133.1.2svn44522-50:2017.133.1.0svn43468-50:2017.133.1.3.1asvn40323-50:2017.133.2.3.0svn43619-50:2017.133.0.0.02svn26556-50:2017.133.0.0.2.7svn43371-50:2017.133.svn43650-50:2017.133.1.1ssvn43116-50:2017.133.1.0rc4svn44156-50:2017.133.1.2.0svn43723-50:2017.133.1.7svn42649-50:2017.133.1.6csvn43082-50:2017.133.1.0gsvn43555-50:2017.133.1.14svn44172-50:2017.133.0.0.4svn19787-50:2017.133.1.2dsvn43620-50:2017.133.0.0.1svn41634-50:2017.133.0.0.3.2svn44066-50:2017.133.0.0.1gsvn29252-50:2017.133.0.0.4svn43032-50:2017.133.0.0.3svn32180-50:2017.133.1.12.2svn43108-50:2017.133.1.9svn42445-50:2017.133.1.3.1svn43049-50:2017.133.1.0.1svn37081-50:2017.133.1.0svn24097-50:2017.133.1.3bsvn43382-50:2017.133.0.0.4svn24011-50:2017.133.0.0.1svn41596-50:2017.133.1.8.0svn43621-50:2017.133.0.0.10svn44385-50:2017.133.1.9.5svn43860-50:2017.133.1.0bsvn41922-50:2017.133.1.7svn43765-50:2017.133.2.7.0svn42390-50:2017.133.0.0.8.1svn42972-50:2017.133.1.1gsvn42147-50:2017.133.1.0.0svn43738-50:2017.133.2.4.1svn41675-50:2017.133.1.2.0svn43330-50:2017.133.1.1.2asvn32750-50:2017.133.0.0.3svn41656-50:2017.133.1.3.0svn42120-50:2017.133.1.16svn42162-50:2017.133.2.3.1svn35497-50:2017.133.1.0asvn21923-50:2017.133.1.0svn25526-50:2017.133.1.0svn25527-50:2017.133.1.1svn22054-50:2017.133.0.0.1svn39785-50:2017.133.svn17116-50:2017.133.0.0.99dsvn44166-50:2017.133.3.71svn29725-50:2017.133.1.3svn43549-50:2017.133.svn29743-50:2017.133.1.1asvn15878-50:2017.133.1.10svn15878-50:2017.133.2.2svn15878-50:2017.133.30.7svn44546-50:2017.133.0.0.1svn35154-50:2017.133.0.0.2svn34631-50:2017.133.0.0.1csvn37795-50:2017.133.0.0.2svn34632-50:2017.133.0.0.3svn35267-50:2017.133.0.0.1svn34633-50:2017.133.2.1svn38248-50:2017.133.svn29803-50:2017.133.1.01svn41777-50:2017.133.1.0svn15878-50:2017.133.1.00svn43960-50:2017.133.svn42217-50:2017.133.0.0.1svn25779-50:2017.133.svn39073-50:2017.133.1.1svn15878-50:2017.133.2.0svn25039-50:2017.133.0.0.07svn36406-50:2017.133.1.1svn38388-50:2017.133.svn17209-50:2017.133.1.0svn22490-50:2017.133.2.5svn35014-50:2017.133.1.2asvn38638-50:2017.133.1.4svn20047-50:2017.133.1.0svn37657-50:2017.133.1.1svn32235-50:2017.133.0.0.1svn17076-50:2017.133.1.0svn21670-50:2017.133.1.0.1svn36605-50:2017.133.2.1svn43861-50:2017.133.0.0.2svn37536-50:2017.133.svn23609-50:2017.133.0.0.7bsvn15878-50:2017.133.svn31835-50:2017.133.1.618033svn40846-50:2017.133.1.61803svn21907-50:2017.133.1.00svn21948-50:2017.133.3.14svn17830-50:2017.133.1.02dsvn43344-50:2017.133.0.0.02svn17062-50:2017.133.svn21047-50:2017.133.svn16989-50:2017.133.2svn17087-50:2017.133.1.0svn36477-50:2017.133.1.30svn28031-50:2017.133.1.06svn15878-50:2017.133.svn39701-50:2017.133.1.0svn17129-50:2017.133.1.0svn23790-50:2017.133.svn20655-50:2017.133.svn17127-50:2017.133.2.0svn32047-50:2017.133.svn21014-50:2017.133.1.40svn29901-50:2017.133.1.0svn44371-50:2017.133.0.0.98esvn43071-50:2017.133.1.2svn35383-50:2017.133.svn28363-50:2017.133.0.0.04svn15878-50:2017.133.3.2svn35041-50:2017.20170520.svn17794-90:2017.133.svn25185-50:2017.133.1.1svn27488-50:2017.133.1.1svn44481-50:2017.133.1.0svn44514-50:2017.133.0.0.3svn42292-50:2017.133.0.0.3svn41813-50:2017.133.0.0.2asvn43219-50:2017.133.0.0.2svn30559-50:2017.133.0.0.2svn40213-50:2017.133.0.0.3asvn43369-50:2017.133.0.0.3asvn44554-50:2017.133.1.5bsvn43741-50:2017.133.0.0.2bsvn44173-50:2017.133.0.0.2asvn44195-50:2017.133.0.0.3asvn44174-50:2017.133.0.0.4svn43201-50:2017.133.2.3svn38736-50:2017.133.1.2svn18337-50:2017.133.svn42428-50:2017.133.svn43687-50:2017.133.1.0svn26313-50:2017.20170520.svn15543-90:2017.133.svn34991-50:2017.133.0.0.90svn27725-50:2017.133.0.0.6.1svn15878-50:2017.133.1.0svn35973-50:2017.133.2.0svn33041-50:2017.133.001.000svn24302-50:2017.133.svn43515-50:2017.133.svn17125-50:2017.133.2.4.2svn43003-50:2017.133.20.17asvn44131-50:2017.133.2.2svn32508-50:2017.133.0.0.4svn24523-50:2017.133.2.4svn27066-50:2017.133.2.0svn15878-50:2017.133.svn17353-50:2017.133.svn41409-50:2017.133.0.0.1svn39000-50:2017.133.svn18258-50:2017.133.svn35002-50:2017.133.1.8.2svn25144-50:2017.133.2.5svn17123-50:2017.133.1.1svn21476-50:2017.133.r0.2svn38859-50:2017.133.0.0.2.7hsvn35069-50:2017.133.0.0.2svn16666-50:2017.133.svn31624-50:2017.133.1.1svn39936-50:2017.133.1.02.2svn15878-50:2017.133.3.2csvn23443-50:2017.133.1.1svn17122-50:2017.133.1.5svn30020-50:2017.133.1.4svn34452-50:2017.133.1.0svn17121-50:2017.133.0.0.36svn36697-50:2017.133.1.1svn39797-50:2017.133.3.21svn31332-50:2017.133.1.01svn36728-50:2017.133.1.5svn36195-50:2017.133.3.5csvn29349-50:2017.133.1.0svn16094-50:2017.133.1.0csvn15878-50:2017.133.2.0.4svn41737-50:2017.133.2.1bsvn15878-50:2017.133.2.0.1svn15878-50:2017.133.1.0svn17120-50:2017.133.1.0isvn28572-50:2017.20170520.svn25623-90:2017.133.1.0svn38300-50:2017.20170520.svn38300-90:2017.133.0.0.9svn17146-50:2017.133.0.0.2.5svn15878-50:2017.133.1.3svn17119-50:2017.133.1.0svn21632-50:2017.133.1.2esvn44513-50:2017.133.4.15esvn43583-50:2017.133.1.1svn42758-50:2017.133.5.8svn44023-50:2017.133.1.2svn40522-50:2017.133.1.1svn43747-50:2017.133.2.0msvn31096-50:2017.133.svn21046-50:2017.133.1.2svn20582-50:2017.133.1.12svn39317-50:2017.133.1.7svn33801-50:2017.133.1.2asvn19440-50:2017.133.2.1svn38161-50:2017.133.1.01svn27118-50:2017.133.0.0.2.4svn42341-50:2017.133.1.5svn44512-50:2017.133.1.0svn40931-50:2017.133.0.0.1svn27473-50:2017.133.1.7.6svn44166-50:2017.133.2.0svn20060-50:2017.133.1.0asvn17157-50:2017.133.1.1.1svn37934-50:2017.133.1.2svn26700-50:2017.133.2.9999svn28552-50:2017.133.0.0.2.1svn42751-50:2017.133.svn34408-50:2017.133.0.0.8.3svn44488-50:2017.133.5.5svn36428-50:2017.133.1.2svn37103-50:2017.133.1.01svn44454-50:2017.133.0.0.2asvn43444-50:2017.133.4.8.4svn36951-50:2017.133.20170505.0svn44207-50:2017.20170520.svn37223-90:2017.133.1.8svn40373-50:2017.133.4.8.4svn41119-50:2017.133.svn44166-50:2017.133.0.0.1svn29018-50:2017.133.4.2svn38304-50:2017.133.0.0.77svn33101-50:2017.133.0.0.3.1svn38221-50:2017.133.svn34405-50:2017.133.0svn16549-50:2017.133.0.0.19svn32513-50:2017.133.0.0.2svn28876-50:2017.133.1.2svn41531-50:2017.133.1.7svn15878-50:2017.133.svn34887-50:2017.133.0.0.5svn28250-50:2017.133.0.0.7.0svn19445-50:2017.133.1.0hsvn42428-50:2017.133.0.0.9svn24378-50:2017.133.8.1svn21107-50:2017.133.svn39273-50:2017.133.svn28910-50:2017.133.svn40785-50:2017.133.svn17964-50:2017.133.3.01svn44283-50:2017.133.svn18787-50:2017.133.2.1svn39728-50:2017.133.svn32550-50:2017.133.0.0.13svn38138-50:2017.133.0.0.7svn34668-50:2017.133.0.0.3svn37572-50:2017.133.1.042svn43462-50:2017.133.0.0.3svn17630-50:2017.133.svn21126-50:2017.133.0.0.1svn34481-50:2017.133.1.2svn29803-50:2017.133.0.0.5svn21539-50:2017.133.0.0.4bsvn26557-50:2017.133.2.0bsvn35084-50:2017.133.svn18270-50:2017.133.0.0.3csvn15878-50:2017.133.0.0.2svn41042-50:2017.133.svn13293-50:2017.133.1.2.0svn42228-50:2017.133.1.0svn22155-50:2017.133.1.0asvn29803-50:2017.133.1.3svn31490-50:2017.133.1.22svn21741-50:2017.133.0.0.99fsvn18462-50:2017.133.0.0.7asvn19361-50:2017.133.0.0.2.2svn27198-50:2017.133.0.0.1svn44491-50:2017.133.2.3svn27536-50:2017.133.1.1svn42851-50:2017.133.1.2svn18259-50:2017.133.r0.11asvn38875-50:2017.133.3.8svn41927-50:2017.133.0.0.76svn15878-50:2017.133.12.3svn43001-50:2017.133.2.25fsvn39903-50:2017.133.0.0.0.5_r1svn29020-50:2017.133.svn17219-50:2017.133.svn17218-50:2017.133.svn18791-50:2017.133.0.0.8svn29349-50:2017.133.0.0.1.1svn37868-50:2017.133.svn44436-50:2017.133.svn23167-50:2017.133.svn31026-50:2017.133.svn36188-50:2017.20170520.svn34112-90:2017.133.svn42327-50:2017.133.svn42328-50:2017.133.svn29905-50:2017.133.svn36948-50:2017.133.svn42326-50:2017.133.svn24582-50:2017.133.svn27472-50:2017.133.svn30380-50:2017.133.svn42329-50:2017.133.svn42330-50:2017.133.svn38202-50:2017.133.svn23171-50:2017.133.0.0.6csvn33092-50:2017.133.svn28434-50:2017.133.svn29229-50:2017.133.svn34438-50:2017.133.svn36189-50:2017.133.svn29801-50:2017.133.svn25411-50:2017.133.svn37413-50:2017.133.svn36190-50:2017.133.0.0.1svn39308-50:2017.133.2.14svn18950-50:2017.133.1.0.1svn31745-50:2017.133.svn43558-50:2017.133.0.0.10asvn35923-50:2017.20170520.svn30408-90:2017.133.0.0.9bsvn15878-50:2017.133.1.10svn42507-50:2017.133.1.1svn35929-50:2017.133.1.35svn15878-50:2017.133.1.4svn15878-50:2017.133.1.2svn29062-50:2017.133.1.6svn37928-50:2017.133.0.0.1svn24829-50:2017.133.3.00svn41865-50:2017.133.1.1svn44131-50:2017.133.1.1svn23862-50:2017.133.0.0.21svn26042-50:2017.133.1.00asvn27576-50:2017.133.svn35058-50:2017.133.svn24940-50:2017.133.1.01svn15878-50:2017.133.1.4svn44501-50:2017.133.1.0esvn21209-50:2017.133.1.20svn44476-50:2017.133.0.0.1svn29803-50:2017.133.svn43525-50:2017.133.2.1asvn43993-50:2017.20170520.svn43866-90:2017.133.1.9svn32657-50:2017.133.3.0svn16896-50:2017.133.0.0.1svn37019-50:2017.133.svn41553-50:2017.133.1.1svn43277-50:2017.133.svn40855-50:2017.133.svn44321-50:2017.20170520.svn33902-90:2017.133.5.2bsvn43469-50:2017.133.1.01svn23371-50:2017.133.1.02svn43961-50:2017.133.svn41301-50:2017.133.0.0.03svn41986-50:2017.133.1.20svn41597-50:2017.133.1.31svn38672-50:2017.133.1.0svn38514-50:2017.133.1.0svn36304-50:2017.133.1.9.1svn44129-50:2017.20170520.svn24061-90:2017.133.1.2csvn26313-50:2017.20170520.svn23866-90:2017.133.2.4.9svn43669-50:2017.133.1.1svn44166-50:2017.133.0.0.7svn34453-50:2017.133.0.0.1svn44489-50:2017.133.0.0.7csvn40725-50:2017.133.svn24139-50:2017.133.1.16svn20745-50:2017.133.1.60svn37839-50:2017.133.1.53svn15878-50:2017.133.4.33svn24729-50:2017.133.0.0.2svn34577-50:2017.133.3.64bsvn44166-50:2017.133.svn28878-50:2017.133.2.1svn37658-50:2017.133.2.1svn37659-50:2017.133.0.0.915svn18651-50:2017.20170520.svn29741-90:2017.133.svn29349-50:2017.133.1.1svn35362-50:2017.133.0.0.03svn38599-50:2017.133.1.14svn23425-50:2017.133.1.3svn29579-50:2017.133.1.2svn23373-50:2017.133.0.0.6svn42883-50:2017.133.2.27svn41772-50:2017.133.0.0.6svn27974-50:2017.133.0.0.02svn18951-50:2017.133.2.60svn36650-50:2017.133.1.5.2svn41686-50:2017.133.1.0svn36682-50:2017.133.1.2svn38287-50:2017.133.1.0svn36705-50:2017.133.1.04svn39991-50:2017.133.1.1svn40237-50:2017.133.1.02svn43742-50:2017.133.1.0svn36692-50:2017.133.1.1svn43452-50:2017.133.1.0svn36635-50:2017.133.1.6svn38093-50:2017.133.1.3svn37146-50:2017.133.1.0svn36670-50:2017.133.1.01svn43743-50:2017.133.1.0svn36625-50:2017.133.1.0svn36699-50:2017.133.1.0svn36700-50:2017.133.1.0svn36661-50:2017.133.1.1svn44562-50:2017.133.1.0svn36636-50:2017.133.1.0asvn28983-50:2017.133.1.5svn41804-50:2017.133.5.0.0svn30206-50:2017.133.1.3svn26355-50:2017.20170520.svn17399-90:2017.133.svn23374-50:2017.133.0.0.6svn23487-50:2017.133.0.0.41svn43666-50:2017.133.2.34svn31771-50:2017.133.1.0svn23974-50:2017.133.2.0svn39589-50:2017.133.1.0svn42415-50:2017.133.svn16549-50:2017.133.0.0.7svn42829-50:2017.133.0.0.11svn24035-50:2017.133.1.1svn37656-50:2017.20170520.svn37645-90:2017.133.2.2svn42843-50:2017.133.2.1svn15878-50:2017.133.0.0.2svn19387-50:2017.133.svn28946-50:2017.133.svn28501-50:2017.133.svn17192-50:2017.133.svn32925-50:2017.133.1.0svn41554-50:2017.133.svn19441-50:2017.133.2.5svn15878-50:2017.133.1.0svn27918-50:2017.133.1.20svn15878-50:2017.133.0.0.32svn42428-50:2017.133.1.0svn20520-50:2017.133.1.5.0svn43417-50:2017.133.0.0.2svn34295-50:2017.133.0.0.6svn15878-50:2017.133.svn17337-50:2017.133.0.0.01svn17194-50:2017.133.svn24927-50:2017.133.svn34294-50:2017.133.1.5.0svn40723-50:2017.133.1.2dsvn15878-50:2017.133.1.4svn25741-50:2017.133.svn44131-50:2017.133.0.0.1svn34474-50:2017.133.0.0.1svn34521-50:2017.133.1.2svn29752-50:2017.20170520.svn24759-90:2017.133.3.0svn26237-50:2017.133.0.0.01asvn15878-50:2017.133.1.1svn17195-50:2017.133.1.111svn15878-50:2017.133.r0.32svn38860-50:2017.133.1.1svn30695-50:2017.133.2.3svn43060-50:2017.133.7.0svn42608-50:2017.133.svn17196-50:2017.133.0.0.1svn15878-50:2017.133.1svn15878-50:2017.133.2.16svn15878-50:2017.133.0.0.1svn44269-50:2017.133.1.2svn37498-50:2017.133.1.2esvn35866-50:2017.133.1.5.0svn44471-50:2017.133.svn28582-50:2017.133.4.4svn38157-50:2017.133.2.1svn23912-50:2017.133.1.2svn39802-50:2017.133.1.1bsvn19232-50:2017.133.0.0.97svn29349-50:2017.133.1.0svn34724-50:2017.133.2.07asvn44524-50:2017.133.0.0.6.1svn44166-50:2017.133.0.0.10svn42661-50:2017.133.1.07svn38419-50:2017.20170520.svn29031-90:2017.133.2.1svn38375-50:2017.133.svn20741-50:2017.133.1.00svn18728-50:2017.133.1.0svn23448-50:2017.133.0.0.1svn29103-50:2017.133.svn36814-50:2017.20170520.svn8329-90:2017.133.1.5svn44166-50:2017.133.1.00svn29349-50:2017.133.1.04svn44515-50:2017.20170520.svn44515-90:2017.133.svn44224-50:2017.20170520.svn40273-90:2017.133.1.15svn44167-50:2017.133.svn44167-50:2017.133.1.6svn13293-50:2017.133.2.1.3svn40768-50:2017.20170520.svn40987-90:2017.133.0.0.1.3svn38726-50:2017.133.0.0.2bsvn35193-50:2017.133.6.0svn38742-50:2017.133.svn20851-50:2017.133.0.0.99svn19440-50:2017.133.svn32677-50:2017.133.1.2svn26424-50:2017.133.1.4.0svn44543-50:2017.133.1.3svn32661-50:2017.133.1.0svn38352-50:2017.133.4svn15878-50:2017.133.0.0.16svn35662-50:2017.133.1.1svn35701-50:2017.133.svn26313-50:2017.20170520.svn21000-90:2017.133.svn29466-50:2017.133.2.0svn44392-50:2017.133.1.0svn25033-50:2017.133.0.0.3svn38172-50:2017.133.0.0.1svn41617-50:2017.133.1.3svn29349-50:2017.133.1.0svn39233-50:2017.133.1.0svn39396-50:2017.133.svn32639-50:2017.133.0.0.3svn24928-50:2017.133.1.8svn25231-50:2017.133.0.0.6bsvn21540-50:2017.133.3.17svn15878-50:2017.133.1.2svn27599-50:2017.133.1.3asvn35829-50:2017.133.1.1esvn15878-50:2017.133.1.0svn33236-50:2017.133.1.02asvn20617-50:2017.133.svn39153-50:2017.133.1.5svn42003-50:2017.133.1.04svn42578-50:2017.133.1.2svn21758-50:2017.133.1.005_bsvn19705-50:2017.133.1.1asvn38114-50:2017.133.1.24.11svn38639-50:2017.133.0.0.2svn41161-50:2017.133.1.0svn39025-50:2017.133.1.2svn15878-50:2017.133.0.0.03svn42712-50:2017.133.1.2svn22513-50:2017.133.1.20svn37063-50:2017.133.1.0svn24504-50:2017.133.1.0svn31903-50:2017.133.0.0.6dsvn39334-50:2017.133.1svn42023-50:2017.133.2.1.1svn41731-50:2017.133.svn23483-50:2017.133.1.2svn18064-50:2017.133.svn28469-50:2017.133.svn34957-50:2017.133.1.1svn34087-50:2017.133.2.5dsvn24962-50:2017.133.1.6svn43750-50:2017.133.0.0.1dsvn34486-50:2017.133.svn17197-50:2017.133.2svn16558-50:2017.133.3.2svn28571-50:2017.133.0.0.1svn29802-50:2017.133.0.0.9asvn44024-50:2017.133.3.5.2svn24146-50:2017.133.1.8svn21472-50:2017.133.0.0.3svn33821-50:2017.133.1.01svn17210-50:2017.133.svn20513-50:2017.133.1.5csvn15878-50:2017.133.3.8svn41154-50:2017.133.2.7.4svn21461-50:2017.133.2014svn35575-50:2017.133.0.0.2svn29349-50:2017.133.0.0.6.3svn40917-50:2017.20170520.svn29050-90:2017.133.0.0.61svn18703-50:2017.133.2.26svn42905-50:2017.20170520.svn18336-90:2017.133.svn22931-50:2017.133.2.1svn32257-50:2017.133.1.0asvn43278-50:2017.133.svn20678-50:2017.133.1.3svn20641-50:2017.133.4.0svn29419-50:2017.133.1.08svn43506-50:2017.133.0.0.3svn42428-50:2017.133.1.97svn15878-50:2017.133.2.1svn41774-50:2017.133.1.2svn21385-50:2017.133.1.0svn18115-50:2017.133.0.0.98svn29235-50:2017.133.2.0gsvn37925-50:2017.133.svn37236-50:2017.133.1.0svn22426-50:2017.133.0.0.4svn17335-50:2017.133.1.3svn32098-50:2017.133.2.6svn36354-50:2017.133.svn37057-50:2017.133.2.7svn41784-50:2017.133.3.1415926svn20694-50:2017.133.0.0.7svn15878-50:2017.133.1.08isvn42182-50:2017.133.2.4svn42855-50:2017.133.1svn21906-50:2017.133.0.0.1hsvn19795-50:2017.133.1.04svn15878-50:2017.133.2.5svn42428-50:2017.133.0.0.2.1svn43735-50:2017.133.4.0svn15878-50:2017.133.1.1svn22191-50:2017.133.3.0bsvn25714-50:2017.133.svn43033-50:2017.133.svn34454-50:2017.133.1.4_subrfixsvn17265-50:2017.133.svn20202-50:2017.133.1.2svn35675-50:2017.133.2.5svn37279-50:2017.133.1.1.4svn42755-50:2017.133.1.101svn15878-50:2017.133.svn33398-50:2017.133.0.0.04svn16916-50:2017.133.0.0.5.1svn26313-50:2017.20170520.svn25860-90:2017.133.1.0svn17262-50:2017.133.1.6svn35417-50:2017.133.1.0svn42428-50:2017.133.2.4svn15878-50:2017.133.5.1bsvn44499-50:2017.133.1.8svn27206-50:2017.133.1.5svn29349-50:2017.133.0.0.21isvn43188-50:2017.133.1.2svn41377-50:2017.133.1.0bsvn15878-50:2017.133.0.0.41svn19859-50:2017.133.0.0.4svn16243-50:2017.133.1.8svn15878-50:2017.133.1.4asvn17263-50:2017.133.1.0svn21328-50:2017.133.3.00svn43470-50:2017.133.1.2.2svn43865-50:2017.133.0.0.1bsvn15878-50:2017.133.1.4svn18304-50:2017.133.3.9svn44479-50:2017.133.svn21912-50:2017.133.1.0svn34684-50:2017.133.0.0.92svn15878-50:2017.133.1.1svn18018-50:2017.133.0.0.9csvn15878-50:2017.133.1.0svn36263-50:2017.133.1.9svn41549-50:2017.133.1.8svn27129-50:2017.133.2.8svn18492-50:2017.133.0.0.3svn37889-50:2017.133.1.1svn29264-50:2017.133.1.12svn43464-50:2017.133.1.2msvn21340-50:2017.133.1.4svn32796-50:2017.133.1.1svn38074-50:2017.133.1.0svn24500-50:2017.133.1.1.1svn38489-50:2017.133.0.0.8svn26722-50:2017.133.0.0.8.8svn35346-50:2017.133.3.0.6svn43630-50:2017.133.0.0.92svn24730-50:2017.133.svn43812-50:2017.133.4.0svn30962-50:2017.133.0.0.3.3svn15878-50:2017.133.1.08svn17259-50:2017.133.1.1svn30223-50:2017.133.svn38895-50:2017.133.1.25svn37628-50:2017.133.1.0svn42966-50:2017.133.1.1.7svn44239-50:2017.133.1.1bsvn29349-50:2017.133.1.0svn33288-50:2017.133.0.0.2svn26313-50:2017.20170520.svn14752-90:2017.133.1.0.3svn28943-50:2017.133.svn19388-50:2017.133.svn21462-50:2017.133.0.0.1svn18784-50:2017.133.1.3svn24250-50:2017.133.1.2svn42107-50:2017.133.svn29529-50:2017.133.0.0.5dsvn24280-50:2017.133.0.0.81asvn28421-50:2017.133.1.2svn24042-50:2017.133.3.4svn38674-50:2017.20170520.svn14758-90:2017.133.2.2.1svn24329-50:2017.133.0.0.5svn21719-50:2017.133.4.2svn42501-50:2017.133.1.00svn38139-50:2017.133.0.0.3.46svn44472-50:2017.133.0.0.04svn38770-50:2017.133.1.0svn38816-50:2017.133.0.0.3asvn17131-50:2017.133.1asvn21631-50:2017.133.0.0.4svn25832-50:2017.133.4.4svn43413-50:2017.133.0.0.2.2svn30168-50:2017.133.svn20220-50:2017.133.1.0svn17272-50:2017.133.0.0.1.1bsvn19440-50:2017.133.0.0.10svn15878-50:2017.133.1.0.1svn19667-50:2017.133.0.0.4svn25768-50:2017.133.0.0.2svn25584-50:2017.133.1.3dsvn15878-50:2017.133.0.0.3bsvn15878-50:2017.133.3.3svn36572-50:2017.133.1.17svn35291-50:2017.133.3.01svn37298-50:2017.133.1.30svn25003-50:2017.133.1.34svn20710-50:2017.133.1.0svn17382-50:2017.133.svn25607-50:2017.133.0.0.4esvn40535-50:2017.133.1.1bsvn43380-50:2017.133.svn20638-50:2017.133.1.1asvn29173-50:2017.133.1.2svn21855-50:2017.133.svn21326-50:2017.133.2015.2svn40403-50:2017.133.2016.1svn40404-50:2017.133.4.6.3.2svn41412-50:2017.133.1.0dsvn33276-50:2017.133.0.0.2svn23608-50:2017.133.2.2svn17859-50:2017.133.1.933svn44166-50:2017.133.svn43546-50:2017.133.svn38345-50:2017.133.svn43573-50:2017.20170520.svn25997-90:2017.133.1.1svn43121-50:2017.133.0.0.6.3svn41366-50:2017.133.2.6asvn43661-50:2017.133.1.6bsvn21399-50:2017.133.2.0.7svn17115-50:2017.133.5.5bsvn23330-50:2017.133.20161201svn42621-50:2017.133.1.0svn27034-50:2017.133.1.0svn43424-50:2017.133.1.0asvn25430-50:2017.133.2.7svn27819-50:2017.133.2.1.4svn43129-50:2017.133.svn42503-50:2017.133.3.0svn15878-50:2017.133.2016.11_3svn43005-50:2017.133.2.3svn21480-50:2017.133.1.0asvn15878-50:2017.133.2.00svn32214-50:2017.133.1.3svn15878-50:2017.133.svn29646-50:2017.133.1.002svn15878-50:2017.133.1.6svn26313-50:2017.20170520.svn13663-90:2017.133.1.0svn18312-50:2017.133.0.0.96svn26789-50:2017.133.1.1svn38922-50:2017.133.svn24559-50:2017.133.1.000_2016_initial_releasesvn42157-50:2017.133.1.3svn27417-50:2017.133.1.4asvn24054-50:2017.133.1.4svn17275-50:2017.133.0.0.1svn29652-50:2017.133.1.03svn25434-50:2017.133.0.0.1.1svn34545-50:2017.133.0.0.1svn24684-50:2017.133.1.2svn26018-50:2017.133.svn26019-50:2017.133.1.2svn26030-50:2017.133.1.2.1svn41984-50:2017.133.4.0.2svn21140-50:2017.133.1.0svn24714-50:2017.133.svn37677-50:2017.133.2.8svn15878-50:2017.133.1.8svn19886-50:2017.133.0.0.2svn29803-50:2017.133.svn32934-50:2017.133.svn19216-50:2017.133.1.20svn29803-50:2017.133.1.0.1svn15878-50:2017.133.1.0svn36464-50:2017.133.svn25112-50:2017.133.1.10svn43086-50:2017.133.svn27208-50:2017.133.0.0.3.1svn15878-50:2017.133.1.1svn37378-50:2017.133.5.6svn19716-50:2017.133.1.1svn21882-50:2017.133.2.5esvn42428-50:2017.133.1.4svn42121-50:2017.133.1.2svn16189-50:2017.133.1.0svn39365-50:2017.133.1.9svn41503-50:2017.20170520.svn34971-90:2017.133.1.0svn23567-50:2017.133.2.9svn37156-50:2017.133.1.0svn19469-50:2017.133.1.0svn19440-50:2017.133.1.01svn28484-50:2017.133.svn31978-50:2017.133.svn31979-50:2017.133.1.01svn18651-50:2017.133.1.0svn18651-50:2017.133.0.0.5svn29803-50:2017.133.4.8svn41714-50:2017.133.1.1svn19878-50:2017.133.svn32068-50:2017.133.0.0.3svn23835-50:2017.133.1.0svn24980-50:2017.133.0.0.3svn41693-50:2017.133.1.0svn34049-50:2017.133.2.0.7svn38913-50:2017.133.0.0.0.betasvn38932-50:2017.133.1.5.2svn15878-50:2017.133.0.0.1svn39609-50:2017.133.4.30svn44564-50:2017.20170520.svn37813-90:2017.133.1.0svn35665-50:2017.133.1.1svn35685-50:2017.133.1.15svn44284-50:2017.133.1.1svn42873-50:2017.133.1.1svn36064-50:2017.133.svn41545-50:2017.133.0.0.993svn21292-50:2017.133.0.0.2svn15878-50:2017.133.0.0.97svn15878-50:2017.133.1.0svn21691-50:2017.133.0.0.996svn24287-50:2017.133.0.0.98svn24288-50:2017.133.0.0.73svn29803-50:2017.133.0.0.9.2svn41904-50:2017.133.svn28628-50:2017.133.0.0.1svn40936-50:2017.133.svn43726-50:2017.133.1.2isvn44131-50:2017.133.svn38263-50:2017.133.1.0svn44211-50:2017.133.0.0.2svn21387-50:2017.133.svn38832-50:2017.133.1.3.5svn22509-50:2017.133.0.0.0.3svn41905-50:2017.133.1.0svn35075-50:2017.133.svn43813-50:2017.133.svn41448-50:2017.133.svn43025-50:2017.133.svn44567-50:2017.133.1.0svn32630-50:2017.133.0.0.94svn31517-50:2017.133.svn43561-50:2017.133.0.0.13.2svn39606-50:2017.133.1.6svn40613-50:2017.133.svn28327-50:2017.133.svn39419-50:2017.133.5.0.2svn44502-50:2017.133.0.0.2svn17354-50:2017.133.0.0.3.0svn32981-50:2017.133.svn35859-50:2017.133.1.02svn34439-50:2017.133.0.0.9.4svn36244-50:2017.133.1.19.2svn44166-50:2017.133.0.0.2svn38503-50:2017.133.1.1svn32484-50:2017.133.svn43279-50:2017.133.1.6svn32258-50:2017.133.0.0.7svn41880-50:2017.133.0.0.9.2svn27458-50:2017.133.0.0.97svn43254-50:2017.133.1.0svn38428-50:2017.133.0.0.1svn27671-50:2017.133.0.0.10asvn44043-50:2017.133.1.6.0svn43962-50:2017.133.2.1svn43280-50:2017.133.1.2bsvn15878-50:2017.133.20120101svn25019-50:2017.133.20120102svn25020-50:2017.133.1.0svn17356-50:2017.133.0.0.2svn21396-50:2017.133.1.0svn26543-50:2017.133.1.0svn21327-50:2017.133.2.0.5svn15878-50:2017.133.1.1svn32003-50:2017.133.0.0.11svn23818-50:2017.133.1.5svn42054-50:2017.133.svn36348-50:2017.133.1.3svn41359-50:2017.133.2.0svn35722-50:2017.133.2.0svn35723-50:2017.133.1.5.0svn35720-50:2017.133.1.1.1svn15878-50:2017.133.svn16135-50:2017.133.1.09svn43507-50:2017.133.0.0.3asvn34733-50:2017.133.1.15svn29349-50:2017.133.0.0.61svn24981-50:2017.133.1.2svn42635-50:2017.133.0.0.0betasvn15878-50:2017.133.4.2svn30002-50:2017.133.0.0.1svn44158-50:2017.133.1.8svn44474-50:2017.133.svn27036-50:2017.133.1.1.2svn41378-50:2017.133.0.0.92svn30530-50:2017.133.1.0fsvn22255-50:2017.133.0.0.23svn18020-50:2017.133.1.4svn42547-50:2017.133.1.2svn43732-50:2017.133.0.0.02svn16136-50:2017.133.3.02svn34364-50:2017.133.4.2dsvn17357-50:2017.133.1.0bsvn17358-50:2017.133.6.85asvn43547-50:2017.133.3.2svn43316-50:2017.133.svn44401-50:2017.133.svn40340-50:2017.133.svn41189-50:2017.133.svn44419-50:2017.133.svn41113-50:2017.133.5svn40340-50:2017.133.4.8gsvn40340-50:2017.133.3.1svn44401-50:2017.133.3.0asvn41113-50:2017.133.1.0asvn40340-50:2017.133.4.5svn40340-50:2017.133.2.3csvn15878-50:2017.133.svn37354-50:2017.133.4.5svn15878-50:2017.133.0.0.2csvn38115-50:2017.133.0.0.4dsvn25821-50:2017.133.4.0svn17359-50:2017.133.1.0.0svn41332-50:2017.133.1.2svn24853-50:2017.133.1.0.0svn38823-50:2017.133.1.4svn43610-50:2017.133.0.0.47svn20727-50:2017.133.1.2asvn19363-50:2017.133.0.0.3svn23379-50:2017.133.1.1svn40726-50:2017.133.0.0.4svn21156-50:2017.133.1.1svn44194-50:2017.133.svn24868-50:2017.133.0.0.2svn29654-50:2017.133.0.0.1asvn25819-50:2017.133.0.0.6svn19685-50:2017.133.1.0svn29613-50:2017.133.1.7svn30958-50:2017.133.1.0svn44551-50:2017.133.svn17347-50:2017.133.1.0jsvn15878-50:2017.133.1.3esvn42287-50:2017.133.svn38547-50:2017.133.svn35573-50:2017.133.svn35576-50:2017.133.1.4svn36448-50:2017.133.5.1svn17361-50:2017.133.1.7svn17667-50:2017.133.1.12svn36500-50:2017.133.1.112svn42871-50:2017.133.4.1betasvn24099-50:2017.133.1.5.1svn38931-50:2017.133.svn22018-50:2017.133.0.0.3svn28019-50:2017.133.2.2svn34299-50:2017.133.0.0.2svn36312-50:2017.133.3.1svn21474-50:2017.133.1.2svn27232-50:2017.133.0.0.3svn34840-50:2017.133.5th_editionsvn15878-50:2017.133.svn39397-50:2017.133.0.0.3.3svn33457-50:2017.133.0.0.4asvn42403-50:2017.133.1.0.2svn42604-50:2017.133.2.28svn16613-50:2017.133.1.09svn39520-50:2017.133.0.0.6.1svn27654-50:2017.133.1.0svn17362-50:2017.133.0.0.3svn23711-50:2017.133.1.1svn25742-50:2017.133.0.0.50svn37552-50:2017.133.0.0.995bsvn19611-50:2017.133.svn16364-50:2017.133.1.95svn40523-50:2017.133.3.13svn41718-50:2017.133.1.12svn20408-50:2017.133.1.7b6svn42950-50:2017.133.0.0.18svn43395-50:2017.133.svn24858-50:2017.133.svn44563-50:2017.133.1.23svn43458-50:2017.133.svn22719-50:2017.133.1.00svn17346-50:2017.133.1.2.2svn15878-50:2017.133.svn16211-50:2017.133.svn43403-50:2017.133.1.5svn43476-50:2017.133.0.0.2svn37553-50:2017.133.0.0.7.7svn28286-50:2017.133.4.3svn15878-50:2017.133.0.0.91svn15878-50:2017.133.0.0.52svn15878-50:2017.133.0.0.7svn24638-50:2017.133.0.0.6svn27994-50:2017.133.svn21338-50:2017.133.2.0svn36989-50:2017.133.1.0svn24498-50:2017.133.1.32svn15878-50:2017.133.3.1415svn18042-50:2017.133.0.0.15svn44306-50:2017.133.0.0.5bsvn28195-50:2017.133.1.6svn17992-50:2017.133.0.0.0.2svn23698-50:2017.133.0.0.2svn41414-50:2017.133.svn21606-50:2017.133.svn18488-50:2017.133.2.0svn19595-50:2017.133.svn17205-50:2017.133.1.01svn44565-50:2017.133.svn32899-50:2017.133.svn35820-50:2017.133.svn38627-50:2017.133.0.0.5svn25025-50:2017.133.3.23svn44226-50:2017.133.svn34243-50:2017.133.1.0svn26137-50:2017.133.1.1.1svn43902-50:2017.133.2.1.8svn43130-50:2017.133.2.1.1asvn38630-50:2017.133.2.1.2svn38558-50:2017.133.2.1.0svn38727-50:2017.20170520.svn32101-90:2017.133.svn44223-50:2017.133.3.31svn29803-50:2017.133.1.1svn24825-50:2017.133.1.0.2svn39080-50:2017.133.05.34svn27369-50:2017.133.0.0.995bsvn19612-50:2017.133.1.50svn19601-50:2017.133.2.4svn39597-50:2017.133.1.8.5.7svn15878-50:2017.133.2.3svn31315-50:2017.133.2.3svn25218-50:2017.133.svn44483-50:2017.133.0.0.13svn15878-50:2017.133.1.0svn33454-50:2017.133.svn44394-50:2017.133.svn28669-50:2017.133.svn31402-50:2017.133.0.0.2svn27764-50:2017.133.svn44096-50:2017.133.1.1svn23806-50:2017.133.1.2msvn36680-50:2017.133.20170101_pl1svn43813-50:2017.133.svn25831-50:2017.133.svn40098-50:2017.20170520.svn14050-90:2017.133.svn40612-50:2017.133.2svn25505-50:2017.133.svn28888-50:2017.133.0.0.9svn30983-50:2017.20170520.svn30983-90:2017.133.svn29235-50:2017.133.2.2.3svn42914-50:2017.133.1.62svn42296-50:2017.20170520.svn42296-90:2017.133.2svn36671-50:2017.133.svn16979-50:2017.133.svn40613-50:2017.133.svn41844-50:2017.133.svn38709-50:2017.133.svn42541-50:2017.133.svn37356-50:2017.133.1.25svn43855-50:2017.133.1.0svn42300-50:2017.20170520.svn42300-90:2017.133.1.0.10svn35999-50:2017.133.1.0.10svn36000-50:2017.133.0.0.2svn42409-50:2017.133.1.0asvn44566-50:2017.133.1.13svn15878-50:2017.133.svn35702-50:2017.133.2.00svn36866-50:2017.133.svn40274-50:2017.133.1.1svn39026-50:2017.133.1.2.0svn41892-50:2017.20170520.svn16420-90:2017.133.0.0.22svn26760-50:2017.133.0.0.3svn29349-50:2017.20170520.svn25012-90:2017.133.svn41920-50:2017.133.3.1svn44492-50:2017.20170520.svn32150-90:2017.133.4.52csvn43099-50:2017.20170520.svn10937-90:2017.133.1.2.1svn15878-50:2017.133.1.3svn41873-50:2017.20170520.svn27025-90:2017.133.2.2svn24986-50:2017.133.0.0.2svn19087-50:2017.133.2.6dsvn42428-50:2017.133.1.0asvn17691-50:2017.133.0.0.3svn16549-50:2017.133.1.3svn31474-50:2017.133.0.0.5asvn43034-50:2017.133.1.1bsvn43523-50:2017.133.svn23916-50:2017.133.0.0.19.4svn41811-50:2017.133.1.1svn34902-50:2017.133.1.0asvn30867-50:2017.133.2.353svn35145-50:2017.133.1.9svn38268-50:2017.133.svn21750-50:2017.133.1.0csvn17364-50:2017.133.1.1asvn36026-50:2017.133.svn21818-50:2017.133.3.5gsvn15878-50:2017.133.svn31795-50:2017.133.2.0svn23638-50:2017.133.5.3.0svn43603-50:2017.133.1.00svn39746-50:2017.133.6.4svn44409-50:2017.133.1.0.4svn44542-50:2017.133.1.0svn27789-50:2017.133.1.0svn19880-50:2017.133.svn31741-50:2017.133.svn39375-50:2017.133.svn31929-50:2017.133.1.007svn19409-50:2017.133.0.0.2.3svn33164-50:2017.20170520.svn31696-90:2017.133.2.1svn41390-50:2017.133.2.9svn21523-50:2017.133.4.41svn21442-50:2017.133.svn42268-50:2017.133.4.3svn30815-50:2017.133.0.0.1svn41304-50:2017.133.0.0.27svn44131-50:2017.133.1.3svn34800-50:2017.133.2.0svn38722-50:2017.133.2.2svn29349-50:2017.20170520.svn26126-90:2017.133.1.2svn17373-50:2017.133.1.6svn37534-50:2017.133.67svn29349-50:2017.20170520.svn15093-90:2017.133.1.03svn34893-50:2017.133.1.3svn42530-50:2017.133.0.0.2svn16134-50:2017.133.svn22722-50:2017.133.3.1svn20021-50:2017.133.2.004svn28119-50:2017.133.1.959svn36915-50:2017.133.1.0svn25552-50:2017.133.1.3svn44368-50:2017.133.svn32617-50:2017.133.0.0.2svn20422-50:2017.133.svn21934-50:2017.133.1.0svn24499-50:2017.133.svn33254-50:2017.133.2.5svn34491-50:2017.133.1.0svn19640-50:2017.133.1.07svn41438-50:2017.20170520.svn41465-90:2017.133.1.0svn43159-50:2017.133.1.0svn39028-50:2017.133.1.0svn34302-50:2017.133.0.0.2svn27889-50:2017.133.1.3svn30704-50:2017.133.svn36918-50:2017.133.0.0.8svn20843-50:2017.133.0.0.9svn31077-50:2017.133.0.0.7svn21322-50:2017.133.1.0svn39804-50:2017.133.5.10svn43606-50:2017.133.4.27svn29803-50:2017.133.5.0.5svn37892-50:2017.133.5.05svn39323-50:2017.133.5.01fr_0svn23332-50:2017.133.3.0bsvn42434-50:2017.133.svn36207-50:2017.133.4.17svn15878-50:2017.133.4.26svn15878-50:2017.133.5.01svn31296-50:2017.133.5.01.0svn22569-50:2017.133.svn18906-50:2017.133.4.20svn15878-50:2017.133.0.0.5svn35050-50:2017.133.4.00svn15878-50:2017.133.0.0.1svn26196-50:2017.133.svn41550-50:2017.133.0.0.1.8svn42874-50:2017.133.1.1svn34923-50:2017.133.1.74dsvn17533-50:2017.133.0.0.01svn43746-50:2017.133.1.2dsvn21869-50:2017.133.2.04svn38663-50:2017.20170520.svn29005-90:2017.133.1.2svn37006-50:2017.20170520.svn32346-90:2017.133.0.0.1csvn15878-50:2017.133.0.0.0.3csvn28332-50:2017.133.svn21927-50:2017.133.1.3svn21586-50:2017.133.0.0.0.1asvn24897-50:2017.133.0.0.7.0svn29349-50:2017.133.0.0.4svn40229-50:2017.133.0.0.5svn41387-50:2017.20170520.svn29053-90:2017.133.0.0.1asvn31783-50:2017.133.0.0.2svn30790-50:2017.133.1.2asvn25193-50:2017.133.1.0svn42670-50:2017.133.0.0.1bsvn25882-50:2017.133.0.0.973svn20491-50:2017.133.0.0.03svn35490-50:2017.133.svn30473-50:2017.133.1.0svn30474-50:2017.133.1.6svn40621-50:2017.133.2.5svn43153-50:2017.133.0.0.51svn43814-50:2017.133.2.12.1svn44496-50:2017.133.2.8_fix_2svn43194-50:2017.20170520.svn34647-90:2017.133.0.0.1svn44500-50:2017.133.svn37877-50:2017.20170520.svn44549-90:2017.133.1.4svn41456-50:2017.133.1.3svn38550-50:2017.133.20170505.0svn44217-50:2017.133.1.17svn44141-50:2017.133.1.0.1svn20747-50:2017.133.0.0.3svn39019-50:2017.133.0.0.0.2svn32741-50:2017.133.0.0.32svn44552-50:2017.20170520.svn43292-90:2017.133.2.0bsvn32354-50:2017.133.svn21086-50:2017.133.0.0.62asvn44166-50:2017.133.0.0.4svn23236-50:2017.133.1.1svn31498-50:2017.133.0.0.4svn24694-50:2017.133.0.0.1csvn44079-50:2017.20170520.svn37750-90:2017.133.0.0.2svn41012-50:2017.133.0.0.1esvn15878-50:2017.133.0.0.94bsvn38769-50:2017.20170520.svn38769-90:2017.133.1.0.6svn15878-50:2017.133.2.1svn28973-50:2017.133.2.6.1svn41598-50:2017.133.svn35799-50:2017.133.1.7svn36110-50:2017.133.1.1svn31598-50:2017.133.1.2bsvn43979-50:2017.133.2.5.3svn44237-50:2017.133.2.2asvn29349-50:2017.133.1.0.1svn29845-50:2017.133.1.1svn35773-50:2017.133.1.43svn36270-50:2017.20170520.svn23500-90:2017.133.svn20062-50:2017.133.svn21129-50:2017.133.1.09svn43332-50:2017.133.1.3rsvn42447-50:2017.133.0.0.1fsvn15878-50:2017.133.2.31svn31639-50:2017.133.0.0.9svn34301-50:2017.133.1.00svn15878-50:2017.133.1.3.2svn39864-50:2017.133.1.003svn15878-50:2017.133.1.0svn44131-50:2017.133.3.4svn37763-50:2017.133.0.0.2bsvn42773-50:2017.133.1.13svn31957-50:2017.20170520.svn23661-90:2017.133.1.19svn44504-50:2017.133.0.0.3svn34323-50:2017.133.1.3svn17582-50:2017.133.2svn31813-50:2017.133.0.0.3svn44171-50:2017.133.4.23svn44468-50:2017.133.1.6svn18173-50:2017.133.1.2svn31648-50:2017.133.6.2svn39515-50:2017.133.1.9bsvn31075-50:2017.133.1.2svn20298-50:2017.133.0.0.5svn28399-50:2017.133.1.05.4svn15878-50:2017.133.0.0.79svn44045-50:2017.133.svn38828-50:2017.133.1.6svn31878-50:2017.133.svn34157-50:2017.133.3.7fsvn41203-50:2017.133.1.2svn30452-50:2017.133.svn42767-50:2017.133.0.0.994svn15878-50:2017.133.1.5svn41823-50:2017.133.svn34315-50:2017.133.2.7182818svn44166-50:2017.133.0.0.9svn15878-50:2017.133.0.0.12svn18611-50:2017.133.0.0.93svn15878-50:2017.133.0.0.56svn37105-50:2017.133.0.0.2.5svn19692-50:2017.133.2.0bsvn17485-50:2017.133.1.0svn18489-50:2017.133.1.3svn40099-50:2017.133.1.05svn40855-50:2017.133.2.5asvn33802-50:2017.20170520.svn23406-90:2017.133.2.04svn41785-50:2017.133.2.0svn42428-50:2017.133.1.002svn36898-50:2017.133.svn43947-50:2017.133.svn19410-50:2017.133.1.10svn28444-50:2017.133.0.0.4svn17745-50:2017.133.4.2svn41676-50:2017.133.svn44451-50:2017.133.1.7svn38224-50:2017.133.1.0svn39837-50:2017.133.2.6asvn41127-50:2017.133.2.4svn24549-50:2017.133.1.1asvn17484-50:2017.133.1.2svn18789-50:2017.133.1.0svn41610-50:2017.133.0.0.2asvn30914-50:2017.133.1.0svn43752-50:2017.133.0.0.96svn32559-50:2017.133.svn17483-50:2017.133.61svn37852-50:2017.133.1.1svn32165-50:2017.133.2.4.1svn42418-50:2017.133.svn32069-50:2017.133.1.8fsvn42186-50:2017.133.1.004svn42810-50:2017.133.2.0svn26313-50:2017.20170520.svn14428-90:2017.133.0.0.8svn29725-50:2017.20170520.svn8457-90:2017.133.1.02svn33700-50:2017.20170520.svn33688-90:2017.133.svn20885-50:2017.133.0.0.6asvn15878-50:2017.133.2.2svn39057-50:2017.133.1.03svn15878-50:2017.133.0.0.8svn35521-50:2017.133.3.0svn37579-50:2017.133.1.4svn18651-50:2017.133.2.0.0svn37992-50:2017.133.0.0.9svn38254-50:2017.133.0.0.2gsvn38448-50:2017.133.1svn29803-50:2017.133.svn44142-50:2017.133.0.0.2svn28140-50:2017.133.ivu.04.092svn29349-50:2017.133.1.01svn43347-50:2017.133.0.0.5svn39367-50:2017.133.1.03svn24479-50:2017.133.1.0hsvn37927-50:2017.133.r0.83svn38815-50:2017.133.1.9svn17513-50:2017.133.2.3asvn22126-50:2017.133.svn43945-50:2017.133.svn26473-50:2017.133.1.34svn29349-50:2017.133.0.0.1svn39729-50:2017.133.0.0.20svn23252-50:2017.133.0.0.3svn29776-50:2017.133.1.004svn15878-50:2017.133.1.11svn43670-50:2017.133.svn41282-50:2017.20170520.svn18674-90:2017.133.17.06svn44453-50:2017.133.1.16svn15878-50:2017.133.0.0.40svn15878-50:2017.133.svn17514-50:2017.133.2.6bsvn41345-50:2017.133.1.1+svn17967-50:2017.133.1.02svn43445-50:2017.133.svn34878-50:2017.133.svn21775-50:2017.133.1.03svn38035-50:2017.133.1.03svn30939-50:2017.20170520.svn30534-90:2017.133.1.10svn40637-50:2017.133.1.42svn18302-50:2017.133.1.0svn26544-50:2017.133.1.4svn38416-50:2017.133.2.2svn42588-50:2017.133.1.2.2svn21649-50:2017.133.1.24svn43375-50:2017.20170520.svn37026-90:2017.133.svn37762-50:2017.133.svn40307-50:2017.133.1.1dsvn24857-50:2017.133.svn23861-50:2017.133.1.0.1svn29370-50:2017.133.0.0.75svn44352-50:2017.133.0.0.3svn26422-50:2017.133.svn43647-50:2017.133.3.3csvn30021-50:2017.133.1.99bsvn28611-50:2017.133.1.5.6svn26807-50:2017.133.3.4svn21392-50:2017.133.1.01svn41996-50:2017.133.0.0.7svn24741-50:2017.133.3.2svn43586-50:2017.133.3.0svn29558-50:2017.133.3.19svn38100-50:2017.133.8.31bsvn20668-50:2017.133.0.0.1svn32693-50:2017.133.1.0svn21819-50:2017.133.1.1svn41413-50:2017.133.1.1svn41643-50:2017.133.3.5svn15878-50:2017.133.3.0svn29349-50:2017.133.svn40536-50:2017.133.1.3dsvn29601-50:2017.133.svn27323-50:2017.133.1.0svn31500-50:2017.133.1.03svn39029-50:2017.133.2.0svn18704-50:2017.133.1.0svn29331-50:2017.133.9.4svn15878-50:2017.133.1.32svn44457-50:2017.133.1.525svn44520-50:2017.133.1.05svn41918-50:2017.133.1.055svn44510-50:2017.133.1.1svn28253-50:2017.133.1.1svn23996-50:2017.133.1.3asvn26258-50:2017.133.svn43640-50:2017.133.0.0.7asvn28527-50:2017.133.1.1csvn36086-50:2017.133.r0.67svn38914-50:2017.133.svn39460-50:2017.133.1.00svn39343-50:2017.133.0.0.2svn16437-50:2017.133.1.06svn44353-50:2017.133.1.04svn37984-50:2017.133.1.0svn30140-50:2017.133.1.2svn43011-50:2017.133.0.0.2.2svn35709-50:2017.133.1.2svn26786-50:2017.133.3.1asvn15878-50:2017.133.0.0.4svn16549-50:2017.133.1.0svn17598-50:2017.133.1svn22114-50:2017.133.svn18128-50:2017.133.svn37675-50:2017.133.r11svn40125-50:2017.133.1.0.1svn42428-50:2017.133.2.0ksvn31162-50:2017.133.0.0.8.1svn41906-50:2017.133.svn42361-50:2017.133.svn42881-50:2017.133.svn18129-50:2017.133.1.2svn44529-50:2017.133.1.0svn24066-50:2017.133.1.0svn30991-50:2017.133.2.01asvn29027-50:2017.133.2.1asvn15878-50:2017.133.1.33svn27609-50:2017.133.1.203svn15878-50:2017.133.0.0.1svn22256-50:2017.133.1.01dsvn42307-50:2017.133.1.10svn33109-50:2017.133.2.0.2svn31729-50:2017.133.svn18130-50:2017.133.1.39svn27498-50:2017.133.1.0svn43189-50:2017.133.0.0.98dsvn44131-50:2017.133.svn43610-50:2017.133.svn19389-50:2017.133.0.0.11svn33355-50:2017.133.0.0.4svn28803-50:2017.133.0.0.5svn28492-50:2017.133.0.0.29svn44528-50:2017.133.svn25689-50:2017.133.svn20852-50:2017.133.svn20969-50:2017.133.0.0.6svn38449-50:2017.133.svn16991-50:2017.133.svn24876-50:2017.133.svn28668-50:2017.133.2.0svn42872-50:2017.133.1.00svn17932-50:2017.133.2.2svn41735-50:2017.133.svn41526-50:2017.133.svn33046-50:2017.133.0.0.20svn42927-50:2017.133.1.1svn17474-50:2017.133.1.2svn24706-50:2017.133.1.2svn43091-50:2017.133.1.0svn27331-50:2017.133.2.4svn44505-50:2017.133.2.2bsvn18131-50:2017.133.1.0svn39030-50:2017.133.1.5svn43599-50:2017.133.svn35095-50:2017.133.1.2svn23714-50:2017.133.svn21833-50:2017.133.svn18360-50:2017.133.0.0.94svn21095-50:2017.133.1.1svn25192-50:2017.133.2.7svn43431-50:2017.133.svn34409-50:2017.133.0.0.53svn19712-50:2017.133.svn24947-50:2017.133.3.002svn42617-50:2017.133.1.0isvn44487-50:2017.133.0.0.5svn16915-50:2017.133.1.2fsvn39164-50:2017.133.1.0lsvn34521-50:2017.133.1.0hsvn23667-50:2017.133.1.2bsvn19230-50:2017.133.1.32svn38621-50:2017.133.svn40042-50:2017.133.2.7svn43021-50:2017.133.svn32859-50:2017.133.4.1svn29803-50:2017.133.3svn41868-50:2017.133.1.4svn21475-50:2017.133.2.0svn19963-50:2017.133.1.6svn42036-50:2017.133.1.03svn32313-50:2017.133.2.01svn32263-50:2017.133.2.01svn39542-50:2017.133.1.05svn41379-50:2017.133.2.3svn44166-50:2017.133.svn16490-50:2017.133.3.05svn22045-50:2017.133.0.0.5svn16005-50:2017.133.1.0svn21629-50:2017.133.0.0.1lsvn26112-50:2017.20170520.svn10843-90:2017.133.5.0svn15878-50:2017.133.svn40986-50:2017.133.1.2svn24807-50:2017.133.0.0.1svn24830-50:2017.133.2.4svn32809-50:2017.133.0.0.1svn17583-50:2017.133.1.2svn37537-50:2017.20170520.svn37537-90:2017.133.2.4svn41484-50:2017.133.1.7asvn18735-50:2017.133.1.37svn29348-50:2017.20170520.svn14387-90:2017.133.2.02svn29752-50:2017.20170520.svn17868-90:2017.133.0.0.31svn43117-50:2017.20170520.svn41779-90:2017.133.0.0.92svn23492-50:2017.133.1.4svn37946-50:2017.133.0.0.5hsvn42973-50:2017.133.1.5svn42428-50:2017.133.svn20373-50:2017.133.0.0.86svn44166-50:2017.133.1.01svn31016-50:2017.133.1.5.84svn44412-50:2017.133.1.30svn40690-50:2017.20170520.svn40690-90:2017.133.1.0svn31990-50:2017.20170520.svn25962-90:2017.133.svn42683-50:2017.133.2.2svn44175-50:2017.133.2.1svn38719-50:2017.20170520.svn16181-90:2017.133.0.0.9svn37297-50:2017.133.1.0001svn25915-50:2017.133.svn39165-50:2017.20170520.svn39165-90:2017.133.r36svn31934-50:2017.20170520.svn29348-90:2017.133.3.0.1asvn44231-50:2017.133.1.01svn31693-50:2017.133.1.1svn32269-50:2017.133.1.0svn42986-50:2017.133.0.0.2.1.1svn33307-50:2017.133.0.0.7svn33045-50:2017.133.4.0svn31037-50:2017.133.0.0.0.1svn26093-50:2017.133.0.0.21svn35152-50:2017.133.2.1asvn34573-50:2017.133.0.0.21svn39988-50:2017.133.1.15svn44469-50:2017.133.1.0svn41857-50:2017.133.1.0svn41858-50:2017.133.1.0svn41859-50:2017.133.1.0svn41860-50:2017.133.1.0svn41869-50:2017.133.1.0svn41870-50:2017.133.1.0svn41871-50:2017.133.1.3svn36396-50:2017.133.1.1svn18651-50:2017.133.1.4svn41788-50:2017.133.1.2.1svn43482-50:2017.133.svn21871-50:2017.133.1.3.2svn43963-50:2017.133.svn18739-50:2017.133.1.3svn28590-50:2017.133.1.0svn21574-50:2017.133.1.2asvn20374-50:2017.133.0.0.3bsvn39591-50:2017.133.1.1svn21943-50:2017.133.svn24965-50:2017.133.0.0.3.0svn19440-50:2017.133.svn21894-50:2017.133.1.2svn24769-50:2017.133.svn24731-50:2017.133.1.618svn15878-50:2017.133.1.7svn26032-50:2017.20170520.svn13364-90:2017.133.1.4svn29725-50:2017.133.0.0.5.0svn35711-50:2017.133.1.7.4svn43374-50:2017.133.1.09svn36012-50:2017.133.0.0.1svn33526-50:2017.133.2.2svn19848-50:2017.133.3.141592653svn43076-50:2017.133.svn28424-50:2017.133.0.0.4asvn27765-50:2017.133.1.0svn29803-50:2017.133.svn44209-50:2017.20170520.svn22859-90:2017.133.svn44208-50:2017.133.2.0svn42918-50:2017.133.svn34236-50:2017.133.4.3svn30353-50:2017.133.0.0.5csvn31088-50:2017.133.2.76svn43869-50:2017.133.2.0.2svn39249-50:2017.20170520.svn32405-90:2017.133.1.0svn16287-50:2017.133.2.72svn40613-50:2017.133.3.0.1svn39921-50:2017.133.1.3.4svn44213-50:2017.133.1.101svn20075-50:2017.133.1.42.4svn40138-50:2017.133.0.0.18svn42664-50:2017.133.0.0.8.2svn31235-50:2017.133.svn21641-50:2017.133.1.1svn18305-50:2017.133.1.5asvn38984-50:2017.133.0.0.01svn15878-50:2017.133.0.0.13csvn15878-50:2017.133.0.0.4nsvn15878-50:2017.133.2011svn30447-50:2017.133.2.2svn25953-50:2017.133.svn43949-50:2017.133.1.0svn35147-50:2017.133.11.90svn44227-50:2017.133.1.5svn41985-50:2017.133.1.1asvn19847-50:2017.133.3.04svn29371-50:2017.133.svn21893-50:2017.133.1.1svn20886-50:2017.133.3.3.14svn44214-50:2017.133.1.10svn19519-50:2017.133.1.0b_4svn33822-50:2017.133.1.02svn43370-50:2017.133.0.0.6svn43184-50:2017.133.svn40538-50:2017.133.1.0hsvn33033-50:2017.133.svn41633-50:2017.133.1.13svn25562-50:2017.133.svn23552-50:2017.133.0.0.17svn15878-50:2017.133.3.04svn15878-50:2017.133.1.1svn26243-50:2017.133.0.0.35svn15878-50:2017.133.svn16416-50:2017.133.9.2asvn33946-50:2017.133.1.10svn17257-50:2017.133.2.04svn43703-50:2017.133.1.02svn19591-50:2017.133.0.0.01svn41980-50:2017.133.1.3svn22138-50:2017.133.0.0.92svn18734-50:2017.133.0.0.16asvn43996-50:2017.133.0.0.03svn41981-50:2017.133.1.62svn40685-50:2017.133.0.0.47svn15878-50:2017.133.1.05svn41223-50:2017.133.2.14svn41901-50:2017.133.1.07svn37377-50:2017.133.0.0.98_betasvn15878-50:2017.133.0.0.16svn17556-50:2017.133.2.03svn15878-50:2017.133.0.0.14svn29803-50:2017.133.1.56svn43911-50:2017.133.1.3.2svn19296-50:2017.133.0.0.05svn35248-50:2017.133.0.0.01svn28155-50:2017.133.0.0.06svn16958-50:2017.133.0.0.04svn17909-50:2017.133.0.0.85svn43912-50:2017.133.0.0.22asvn35832-50:2017.133.0.0.06svn44131-50:2017.133.1.34svn15878-50:2017.133.0.0.02svn21717-50:2017.133.0.0.11svn15878-50:2017.133.0.0.4svn33210-50:2017.133.2.6svn20946-50:2017.133.0.0.2svn16033-50:2017.133.2.04svn39077-50:2017.133.0.0.95svn29803-50:2017.133.1.02svn15878-50:2017.133.0.0.12svn15878-50:2017.133.1.13svn18922-50:2017.133.0.0.63svn34786-50:2017.133.1.01svn32997-50:2017.133.1.39svn43015-50:2017.133.0.0.21svn15878-50:2017.133.0.0.7svn35418-50:2017.133.5.2svn35673-50:2017.133.1.02svn41999-50:2017.133.2.82svn15878-50:2017.133.0.0.07svn40873-50:2017.133.1.2csvn44047-50:2017.20170520.svn7838-90:2017.133.1.05svn39585-50:2017.133.0.0.01svn16538-50:2017.133.1.79svn44511-50:2017.133.1.63svn35062-50:2017.133.0.0.01svn25142-50:2017.133.1.2svn23464-50:2017.133.0.0.03svn42840-50:2017.133.1.4svn21667-50:2017.133.1.31svn24391-50:2017.133.0.0.12svn24995-50:2017.133.4.32asvn43401-50:2017.133.1.02svn44507-50:2017.133.0.0.41svn35026-50:2017.133.0.0.13svn38613-50:2017.133.1.0svn16369-50:2017.133.0.0.06svn44320-50:2017.133.1.13svn43272-50:2017.133.1.01svn23451-50:2017.133.0.0.83svn15878-50:2017.133.0.0.4svn28801-50:2017.133.1.1svn44466-50:2017.133.1.0svn25228-50:2017.133.1.24svn15878-50:2017.133.0.0.16svn35247-50:2017.20170520.svn29333-90:2017.133.1.5csvn34015-50:2017.133.1.68svn44166-50:2017.133.2.73asvn44506-50:2017.133.3.83svn44281-50:2017.133.1.2svn34363-50:2017.133.svn42857-50:2017.133.svn43899-50:2017.133.20170114.0svn44206-50:2017.20170520.svn44206-90:2017.133.svn42950-50:2017.133.20170604.0svn44470-50:2017.20170520.svn29335-90:2017.133.1.1svn30171-50:2017.133.0.0.91svn19440-50:2017.133.svn27388-50:2017.133.1.1svn27389-50:2017.133.1.003svn24649-50:2017.133.1.1svn29725-50:2017.133.1.1svn44482-50:2017.133.1.0svn44459-50:2017.133.1.0svn27780-50:2017.133.1.0svn21838-50:2017.133.0.0.3svn40612-50:2017.133.0.0.2svn30212-50:2017.133.1.3asvn44225-50:2017.133.0.0.4svn43009-50:2017.133.1svn23682-50:2017.133.0.0.8svn34996-50:2017.20170520.svn34996-90:2017.133.0.0.21svn27064-50:2017.133.svn43191-50:2017.133.0.0.15svn41746-50:2017.20170520.svn31638-90:2017.133.2.5.3svn42816-50:2017.133.1.51svn36065-50:2017.133.3.1bsvn15878-50:2017.133.svn31763-50:2017.133.0.0.1svn42183-50:2017.133.1.1svn28046-50:2017.133.0.0.1csvn32818-50:2017.133.1.252svn43360-50:2017.133.1.3isvn15878-50:2017.133.1.4svn42629-50:2017.133.1.1svn44429-50:2017.133.1.2svn41727-50:2017.133.0.0.4svn38418-50:2017.133.1.2csvn15878-50:2017.133.0.0.1asvn21939-50:2017.133.1.11svn15878-50:2017.133.2.0svn42467-50:2017.133.0.0.2svn23581-50:2017.133.0.0.3dsvn39706-50:2017.133.1.3svn27225-50:2017.133.svn37026-50:2017.133.svn19980-50:2017.133.1.9.1svn29128-50:2017.133.1.1.2svn44131-50:2017.133.0.0.2csvn40612-50:2017.133.2.0esvn15878-50:2017.133.0.0.5svn20318-50:2017.133.1.0svn19979-50:2017.133.0.0.2bsvn41204-50:2017.133.1.6svn21127-50:2017.133.1.0hsvn25050-50:2017.133.2.22.0svn44545-50:2017.133.svn22050-50:2017.133.4.1svn30707-50:2017.133.1.1svn34924-50:2017.133.0.0.01svn24305-50:2017.133.17.05svn44298-50:2017.133.1.0svn33442-50:2017.133.1.31svn43631-50:2017.133.0.0.3.2svn38427-50:2017.133.svn24976-50:2017.133.0.0.11svn43505-50:2017.133.4.1rsvn19652-50:2017.133.svn16488-50:2017.133.1.0svn31137-50:2017.133.svn19082-50:2017.133.1.0.3svn40415-50:2017.133.0.0.92svn20002-50:2017.133.svn38386-50:2017.133.1.0fsvn25005-50:2017.133.1.0svn36236-50:2017.133.1.008_v7_scsvn19537-50:2017.133.svn20087-50:2017.133.1.0svn40843-50:2017.133.1.2svn18292-50:2017.133.3.0svn18740-50:2017.133.0.0.2svn29675-50:2017.133.2.2svn39796-50:2017.133.1.0svn43624-50:2017.133.1.1svn27322-50:2017.133.3.1fsvn41923-50:2017.133.1.02svn37965-50:2017.133.svn30084-50:2017.133.1.0svn20003-50:2017.133.4.0svn44131-50:2017.20170520.svn32919-90:2017.133.1.6svn21081-50:2017.133.1svn32392-50:2017.133.svn25209-50:2017.133.1.0svn44485-50:2017.133.1.0svn23739-50:2017.133.1.2svn19614-50:2017.133.1.36svn33945-50:2017.133.0.0.7asvn32815-50:2017.133.1.00svn41365-50:2017.133.2.2.1svn42925-50:2017.133.svn35737-50:2017.133.1.1svn17997-50:2017.133.svn30187-50:2017.133.svn43252-50:2017.133.3.8svn39014-50:2017.133.0.0.93svn33120-50:2017.133.2.4svn13293-50:2017.133.1.2svn31565-50:2017.133.2.4svn40525-50:2017.133.1.1.2svn15878-50:2017.133.1.8svn42809-50:2017.133.1.05asvn42633-50:2017.133.0.0.8svn39510-50:2017.133.0.0.6svn37277-50:2017.133.4svn35730-50:2017.133.2.1svn39318-50:2017.133.1.18svn15878-50:2017.133.0.0.1svn35087-50:2017.133.0.0.2svn44490-50:2017.133.1.6svn27223-50:2017.133.1.0svn37893-50:2017.133.0.0.1svn27810-50:2017.133.0.0.1dsvn39734-50:2017.133.1.1svn43017-50:2017.133.1.2.1svn41401-50:2017.133.1.0svn20208-50:2017.133.svn20180-50:2017.133.1.01svn37749-50:2017.133.2.0.2svn15878-50:2017.133.1.2svn43595-50:2017.133.1.0svn20185-50:2017.133.0.0.302svn38721-50:2017.133.svn42374-50:2017.133.1.62svn34011-50:2017.133.0.0.41svn15878-50:2017.133.0.0.1svn37568-50:2017.133.0.0.3csvn41732-50:2017.133.2.0svn20186-50:2017.133.svn23799-50:2017.133.svn23446-50:2017.133.svn23734-50:2017.133.svn39096-50:2017.133.0.0.6svn36613-50:2017.133.1.0svn44157-50:2017.133.0.0.1svn40613-50:2017.133.6.7asvn24881-50:2017.133.2.1.2svn33042-50:2017.133.1.0.1svn40088-50:2017.133.1.3svn41653-50:2017.133.0.0.91svn20209-50:2017.133.0.0.8svn15878-50:2017.133.2.15svn30959-50:2017.133.1svn22212-50:2017.133.svn20319-50:2017.133.svn20312-50:2017.133.0.0.3svn26522-50:2017.133.2.2svn30708-50:2017.133.1.1svn42428-50:2017.133.2.1bsvn41991-50:2017.133.1.1svn29349-50:2017.133.1.2svn28918-50:2017.133.0.0.3osvn42677-50:2017.133.0.0.5csvn39787-50:2017.133.1.8svn41322-50:2017.133.1.05svn20336-50:2017.133.1.6fsvn15878-50:2017.133.1.00svn40658-50:2017.133.1.01svn39707-50:2017.133.1.5bsvn27028-50:2017.133.svn43057-50:2017.133.svn43058-50:2017.133.1.4svn29260-40:2017.133.1.6asvn35537-40:2017.133.1.0.0svn39074-40:2017.133.1.2asvn15878-40:2017.133.svn20620-40:2017.133.0.0.01bsvn31719-40:2017.133.1.0svn22136-40:2017.133.2.7gsvn44428-40:2017.133.1.5.2svn32758-40:2017.133.svn20031-40:2017.133.0.0.52svn22781-40:2017.133.1.5svn43170-40:2017.133.0.0.4svn24652-40:2017.133.1.3svn30560-40:2017.133.0.0.4bsvn42902-40:2017.133.0.0.12gsvn42903-40:2017.133.0.0.1svn25608-40:2017.133.2.11svn25007-40:2017.133.1.0svn15878-40:2017.133.svn20333-40:2017.133.0.0.3bsvn42781-40:2017.133.1.9svn20311-40:2017.133.1.2svn39592-40:2017.133.1.14svn15878-40:2017.133.0.0.3svn30355-40:2017.133.4.5svn18136-40:2017.133.3.0svn44553-40:2017.133.svn27128-40:2017.133.0.0.1svn16215-40:2017.133.2.4svn15878-40:2017.133.1.0svn42992-40:2017.133.2.6svn40597-40:2017.133.2.6svn42852-40:2017.133.1.2svn40598-40:2017.133.svn42225-40:2017.133.1.1asvn15878-40:2017.133.1.7svn42821-40:2017.133.1.1svn39794-40:2017.133.0.0.41svn30715-40:2017.133.1.0svn34374-40:2017.133.3.25svn15878-40:2017.133.0.0.2svn15878-40:2017.133.1.17svn15878-40:2017.133.1.2csvn39766-40:2017.20170520.svn29688-90:2017.133.1.1svn22408-40:2017.133.1.2svn15878-40:2017.133.0.0.4csvn35531-40:2017.133.1.1svn39529-40:2017.133.svn23454-40:2017.133.1.6svn15878-40:2017.133.1.0svn38710-40:2017.20170520.svn38710-90:2017.133.2.01svn31585-40:2017.133.svn32293-40:2017.133.1.00svn15878-40:2017.133.4.01svn43221-40:2017.133.1.00svn44100-40:2017.133.1.2svn37875-40:2017.133.3.0svn42765-40:2017.133.1.2svn19982-40:2017.133.1.04svn35718-40:2017.133.1.6svn20306-40:2017.133.2.1svn23961-40:2017.133.0.0.03svn20334-40:2017.133.svn15878-40:2017.133.0.0.6svn15878-40:2017.133.11asvn36696-40:2017.133.svn40320-40:2017.133.1.1.2svn36914-40:2017.133.svn22027-40:2017.133.1.3asvn24895-40:2017.133.0.0.0.2svn24431-40:2017.133.1.23svn36203-40:2017.133.141svn25916-40:2017.133.2.0svn43684-40:2017.133.0.0.1.1svn19440-40:2017.133.1.0svn43516-40:2017.133.2.3svn29743-40:2017.20170520.svn21215-90:2017.133.0.0.1svn15878-40:2017.133.2.0bsvn15878-40:2017.133.2.1csvn15878-40:2017.133.1.3svn15878-40:2017.133.1.0svn20308-40:2017.133.2.1.5svn15878-40:2017.133.1.1svn26645-40:2017.133.2.14svn29349-40:2017.133.0.0.2asvn40989-40:2017.133.0.0.1.4svn32066-40:2017.133.1.2svn16117-40:2017.133.1.0svn16080-40:2017.133.1.0asvn15878-40:2017.133.2.9svn40238-40:2017.133.1.05svn36422-40:2017.133.4.1asvn15878-40:2017.133.svn19440-40:2017.133.2.00bsvn44503-40:2017.133.svn32199-40:2017.133.43svn15878-40:2017.133.2.4dsvn26313-40:2017.133.3.1862svn18017-40:2017.133.0.0.7.4svn17554-40:2017.133.2.0asvn40371-40:2017.133.svn25446-40:2017.133.svn31835-40:2017.133.svn41190-40:2017.133.svn44166-40:2017.133.1.1svn15878-40:2017.133.1.4.2svn16252-40:2017.133.0.0.3svn32473-40:2017.133.svn39024-40:2017.133.1.1svn25202-40:2017.133.1.1svn41849-40:2017.133.svn42413-40:2017.134.1.1csvn32804-50:2017.134.1.4asvn36489-50:2017.134.svn34495-50:2017.134.0.0.0esvn15878-50:2017.134.4.07_gsvn31855-50:2017.134.3.5svn17255-50:2017.134.1.1svn29421-50:2017.134.2.01svn42610-50:2017.134.svn15878-50:2017.134.1.3svn30710-50:2017.134.2.8svn21534-50:2017.134.1.0asvn17885-50:2017.134.0.0.2svn15878-50:2017.134.0.0.1svn15878-50:2017.134.1.0svn21191-50:2017.134.0.0.10svn34368-50:2017.134.1.7svn28908-50:2017.134.svn23761-50:2017.134.1.1svn42138-50:2017.134.1.1svn42428-50:2017.134.0.0.42svn27345-50:2017.134.1.4svn15878-50:2017.134.0.0.77svn31731-50:2017.134.0.0.2svn20484-50:2017.134.0.0.12svn41851-50:2017.134.2.40svn22018-50:2017.134.4.03svn44046-50:2017.134.2.5svn33043-50:2017.134.1.1svn15878-50:2017.134.1.3svn15878-50:2017.134.1.0svn29349-50:2017.134.1.06svn15878-50:2017.134.1.05svn39596-50:2017.134.1.3.1svn34594-50:2017.134.2.1svn15878-50:2017.134.1.8svn22514-50:2017.134.1.1svn18923-50:2017.134.svn37700-50:2017.134.0.0.7svn38928-50:2017.134.1.0svn42294-50:2017.134.3.0svn44331-50:2017.20170520.svn43957-90:2017.134.4.8svn40197-50:2017.134.3.14159265svn44166-50:2017.134.0.0.1svn18314-50:2017.134.2.004svn18651-50:2017.134.svn41264-50:2017.134.svn40533-50:2017.134.svn16372-50:2017.134.0.0.2svn41403-50:2017.134.0.0.4.8svn44131-50:2017.134.svn34177-50:2017.134.0.0.1esvn44103-50:2017.20170520.svn37771-90:2017.134.svn44379-50:2017.134.1.04svn24237-50:2017.134.svn44166-50:2017.134.3.0svn31323-50:2017.20170520.svn13013-90:2017.134.1.7bsvn26420-50:2017.20170520.svn21802-90:2017.134.0.0.4svn29752-50:2017.20170520.svn15506-90:2017.134.1.1svn29725-50:2017.20170520.svn12782-90:2017.134.svn44432-50:2017.134.svn31894-50:2017.134.1.32svn39660-50:2017.20170520.svn33155-90:2017.134.1.0asvn28553-50:2017.134.5.1svn43137-50:2017.134.svn44191-50:2017.134.svn44347-50:2017.134.svn44366-50:2017.134.svn44424-50:2017.134.svn44356-50:2017.134.svn44342-50:2017.134.svn44357-50:2017.134.svn44343-50:2017.134.svn44444-50:2017.134.svn44341-50:2017.134.svn44333-50:2017.134.svn44462-50:2017.134.svn26313-50:2017.20170520.svn24062-90:2017.134.0.0.9svn35584-50:2017.134.1.3.1svn19083-50:2017.134.2svn15878-50:2017.134.0.0.2.0svn15878-50:2017.134.1.5svn44509-50:2017.20170520.svn43596-90:2017.134.0.0.2svn29349-50:2017.134.1.4svn43151-50:2017.134.1.24svn24716-50:2017.134.2.18svn39057-50:2017.134.5svn20591-50:2017.134.1.0svn30788-50:2017.134.0.0.7svn44192-50:2017.134.2.01svn20677-50:2017.134.1.5svn23796-50:2017.134.1.6svn15878-50:2017.134.1.8svn41331-50:2017.134.1.0svn38809-50:2017.134.1.02svn20770-50:2017.134.0.0.2svn44140-50:2017.134.0.0.9bsvn44048-50:2017.134.svn30640-50:2017.134.2.1svn43745-50:2017.134.0.0.2svn39669-50:2017.134.66svn33624-50:2017.134.1.0svn28754-50:2017.134.1.0svn20675-50:2017.134.svn17383-50:2017.134.0.0.3svn34206-50:2017.134.1.0svn16549-50:2017.134.3.16svn34621-50:2017.20170520.svn6898-90:2017.134.1.0qsvn33134-50:2017.134.0.0.1svn16736-50:2017.134.5.3.2svn43609-50:2017.134.0.0.4dsvn42280-50:2017.134.1.0svn36306-50:2017.134.2.4svn44166-50:2017.133.svn25087-50:2017.133.0.0.1svn38295-50:2017.133.0.0.9esvn35485-50:2017.133.1.2svn42454-50:2017.133.1.0svn35805-50:2017.133.1.1.0svn39582-50:2017.133.0.0.4asvn44393-50:2017.133.0.0.1.1svn32769-50:2017.133.0.0.2.3svn43466-50:2017.133.1.0svn42039-50:2017.133.2.3svn43442-50:2017.133.1.2svn26108-50:2017.133.0.0.7dsvn21013-50:2017.133.1.0svn28715-50:2017.133.1.3svn44475-50:2017.133.svn36439-50:2017.133.1.1svn27723-50:2017.133.0.0.4svn43978-50:2017.133.1.0svn25777-50:2017.133.2.0svn32732-50:2017.133.0.0.2.6svn30637-50:2017.133.4.02svn44350-50:2017.133.svn31491-50:2017.133.svn42882-50:2017.133.1.3svn22005-50:2017.133.1.5svn38646-50:2017.133.1.2svn36170-50:2017.133.svn19457-50:2017.133.1.2svn43497-50:2017.133.3.1svn18729-50:2017.133.2.10.2svn40129-50:2017.133.2.1dsvn15878-50:2017.133.1.16svn22961-50:2017.133.1.00csvn22891-50:2017.133.1.1csvn22959-50:2017.133.1.16csvn22830-50:2017.133.1.16csvn22831-50:2017.133.1.00svn22832-50:2017.133.0.0.1svn22857-50:2017.133.1.0csvn22833-50:2017.133.0.0.1.4svn39408-50:2017.133.1.3csvn22834-50:2017.133.svn26096-50:2017.133.1.5ksvn20085-50:2017.133.0.0.12svn42623-50:2017.133.2.3fsvn30209-50:2017.133.1.3asvn33146-50:2017.133.2.142svn17746-50:2017.133.1.0.5svn42423-50:2017.133.1.1.0svn15878-50:2017.133.5.1svn32260-50:2017.133.svn19084-50:2017.133.5.9.06svn42586-50:2017.133.1.2svn21178-50:2017.133.2.00svn15878-50:2017.133.0.0.6svn42428-50:2017.133.2.1svn44455-50:2017.133.1.3.4svn43605-50:2017.133.svn24344-50:2017.133.svn23803-50:2017.133.2.0svn42198-50:2017.133.svn23804-50:2017.133.svn24345-50:2017.133.svn24754-50:2017.133.svn24196-50:2017.133.svn23840-50:2017.133.svn24010-50:2017.133.svn23957-50:2017.133.svn25105-50:2017.133.svn24228-50:2017.133.1.6svn44381-50:2017.133.0.0.91svn21751-50:2017.133.svn28176-50:2017.133.svn43006-50:2017.133.1.3bsvn15878-50:2017.133.1.0svn18732-50:2017.133.3.6svn18921-50:2017.133.1.0svn23440-50:2017.133.1.0svn20680-50:2017.133.2.05msvn44480-50:2017.133.3.5.2svn37649-50:2017.133.2.18svn42465-50:2017.133.1.23svn43560-50:2017.133.1.9svn27253-50:2017.133.0.0.1.0svn36298-50:2017.133.svn43537-50:2017.133.0.0.2svn17748-50:2017.133.1.3asvn29803-50:2017.133.svn17024-50:2017.133.1.1svn21578-50:2017.133.1.0svn21839-50:2017.133.1.00svn43327-50:2017.133.svn21820-50:2017.133.1.4svn40389-50:2017.133.0.0.1svn27046-50:2017.133.svn17134-50:2017.133.0.0.31svn29349-50:2017.20170520.svn25648-90:2017.133.2.0.7svn37623-50:2017.133.0.0.4.7svn44238-50:2017.133.0.0.21svn24994-50:2017.133.12.12svn29349-50:2017.133.1.8svn42912-50:2017.133.1.01svn38459-50:2017.133.3.5svn37776-50:2017.133.1.3svn40772-50:2017.133.0.0.03svn38907-50:2017.133.2.2.1svn40854-50:2017.133.2.2svn35853-50:2017.133.3.2svn15878-50:2017.133.1.6.0svn44308-50:2017.133.1.5.0svn15878-50:2017.133.1.1.0svn36371-50:2017.133.svn16791-50:2017.133.1.0svn44026-50:2017.133.0.0.2csvn39570-50:2017.133.1.00svn29974-50:2017.133.2.25svn15878-50:2017.133.svn21081-50:2017.133.svn26785-50:2017.133.1.1svn26313-50:2017.133.4.4svn44456-50:2017.133.2016_6_8svn41348-50:2017.133.0.0.11svn17476-50:2017.133.svn19085-50:2017.133.001.002svn18651-50:2017.133.2.0svn33625-50:2017.133.2.1svn43639-50:2017.133.svn42926-50:2017.133.0.0.0.1_r1svn29019-50:2017.133.svn18261-50:2017.133.1.0lsvn36681-50:2017.133.svn44467-50:2017.133.svn44465-50:2017.133.0.0.2svn31541-50:2017.133.0.0.2svn31409-50:2017.133.0.0.01svn42482-50:2017.133.1.5svn41521-50:2017.133.0.0.8dsvn43068-50:2017.133.0.0.92svn22357-50:2017.133.0.0.9bsvn42428-50:2017.133.svn33860-50:2017.133.0.0.2svn38506-50:2017.133.1.0svn29476-50:2017.133.2.5.6svn25355-50:2017.133.1.0asvn19700-50:2017.133.2.0svn32626-50:2017.133.svn22511-50:2017.133.svn43366-50:2017.133.svn44210-50:2017.20170520.svn26326-90:2017.133.svn43453-50:2017.133.0.0.1svn42334-50:2017.133.1.3svn26059-50:2017.133.1.20svn42950-50:2017.133.svn43900-50:2017.133.svn42853-50:2017.133.2.0svn43734-50:2017.133.1.0asvn21608-50:2017.133.3.4svn32528-50:2017.133.0.0.7svn29803-50:2017.20170520.svn23262-90:2017.133.1svn21701-50:2017.133.1.0asvn25969-50:2017.133.2.2svn32261-50:2017.133.0.0.04svn42456-50:2017.133.1.0svn27744-50:2017.133.2.1svn38269-50:2017.133.svn27354-50:2017.133.6.13svn15878-50:2017.133.svn23431-50:2017.133.svn34470-50:2017.133.1.1.1svn43686-50:2017.133.2.3svn32262-50:2017.133.1.0svn44154-50:2017.133.0.0.92svn24104-50:2017.133.0.0.4svn15878-50:2017.133.1.0svn29944-50:2017.133.2.17svn44166-50:2017.133.1.1svn40058-50:2017.133.1.005svn19444-50:2017.133.1.1svn21922-50:2017.133.3.13svn33197-50:2017.133.0.0.06svn15878-50:2017.133.0.0.2svn17177-50:2017.133.1.2svn23670-50:2017.133.2.4bsvn34017-50:2017.133.2.0svn21920-50:2017.133.0.0.55svn21921-50:2017.133.0.0.3svn39084-50:2017.133.1.0bsvn20589-50:2017.133.0.0.1svn32457-50:2017.133.1.6.1svn30080-50:2017.133.svn38647-50:2017.133.2.3svn39799-50:2017.133.0.0.64svn43239-50:2017.133.3.2svn30579-50:2017.133.1svn25629-50:2017.133.0.0.1svn32954-50:2017.133.0.0.2svn26039-50:2017.20170520.svn6897-90:2017.133.2.3svn21598-50:2017.133.0.0.2svn36254-50:2017.133.0.0.01svn22028-50:2017.133.svn21439-50:2017.133.svn35831-50:2017.133.svn35830-50:2017.133.4.5svn44166-50:2017.133.svn25813-50:2017.133.1.1svn16082-50:2017.133.0.0.2.0svn42756-50:2017.133.svn22459-50:2017.133.1.0bsvn22338-50:2017.133.1.7svn41381-50:2017.133.3.6svn22048-50:2017.133.1.0.1svn31532-50:2017.133.svn25469-50:2017.133.0.0.3.2svn42981-50:2017.133.1.4svn44127-50:2017.133.1.08svn43465-50:2017.133.1.0svn23783-50:2017.133.0.0.6svn41121-50:2017.133.0.0.4svn44128-50:2017.133.2.12svn41044-50:2017.133.0.0.1svn42289-50:2017.133.0.0.4svn41809-50:2017.133.1.3svn20031-50:2017.133.1.5svn36435-50:2017.133.prot2.5svn15878-50:2017.133.1.00svn39694-50:2017.133.22.87.03svn44166-50:2017.133.2.51svn42046-50:2017.133.3.4.8svn44370-50:2017.133.0.0.1svn29660-50:2017.133.1.1svn20221-50:2017.133.0.0.3svn35756-50:2017.133.1.2svn42764-50:2017.133.18.7svn44547-50:2017.133.svn16041-50:2017.133.2.0asvn40118-50:2017.133.svn41438-50:2017.20170520.svn44361-90:2017.133.0.0.5svn34296-50:2017.133.4.2svn35088-50:2017.133.svn17055-50:2017.133.0.0.1svn28847-50:2017.133.svn41133-50:2017.133.2.16svn43173-50:2017.133.svn30636-50:2017.133.1.1svn43864-50:2017.133.1.05svn15878-50:2017.133.3.0svn43222-50:2017.133.1.01svn22575-50:2017.133.1.4.0svn38929-50:2017.133.svn31683-50:2017.133.1.2ksvn42892-50:2017.133.1.108svn32763-50:2017.133.2.7asvn35741-50:2017.133.0.0.26svn42899-50:2017.133.0.0.6svn39453-50:2017.133.0.0.8svn40855-50:2017.133.svn35743-50:2017.133.0.0.2svn27897-50:2017.133.0.0.2svn27442-50:2017.133.1.0svn37604-50:2017.133.1.2asvn28770-50:2017.133.2.4svn41940-50:2017.133.1.0svn35928-50:2017.133.1.0svn26641-50:2017.133.0.0.4svn35211-50:2017.133.0.0.6svn43589-50:2017.133.0.0.8asvn44430-50:2017.133.1.4svn35945-50:2017.133.1.7csvn31900-50:2017.133.2.3fsvn23347-50:2017.133.0.0.981svn30466-50:2017.133.1.5.2dsvn28090-50:2017.133.5.06svn32182-50:2017.133.3.8.9svn31859-50:2017.133.svn19086-50:2017.133.1.1svn42830-50:2017.133.svn22613-50:2017.133.0.0.99psvn42671-50:2017.133.1.03svn21183-50:2017.133.svn43171-50:2017.133.0.0.6alphasvn26202-50:2017.133.1.0svn36013-50:2017.133.1.1svn31155-50:2017.133.1.0svn40207-50:2017.133.3.6svn23348-50:2017.133.1.1svn17635-50:2017.133.svn34398-50:2017.20170520.svn34398-90:2017.133.1.3svn27430-50:2017.133.svn17258-50:2017.133.r206svn22207-50:2017.133.1.0svn40728-50:2017.133.2.4svn41123-50:2017.133.svn41145-50:2017.133.2.1svn32279-50:2017.133.1.01svn34485-50:2017.133.1.4dsvn28846-50:2017.133.0.0.2svn28539-50:2017.133.0.0.3svn37281-50:2017.133.0.0.6svn28541-50:3.3.0-20:0.15.1b-30:0.9.57-10:0.6.4-10:0.3.7-10:3.100-10:1.25.10-10:1.6-10:1.8.10-30:1.5.2-20:1.15-30:1.2.4cvs20150223-40:2.0.15-10:1.6.0-20:1.0.10-30:1.1.1-10:0.6.1-20:4.38-10:2.150000-10:1.012.2-10:804.034-10:2.4.7-30:1.5.7-60:0.11+git.20130926-10:1.0.27-40:0.17.0-20:3.22.0-10:1.4.0-10:7.0.7.34-3.540:60.6.2-3.320:1.1.10-100:0.6.45-6.100:0.3.6-3.70:0.3.1-40:1.2.3-20:3.26.2.1-13.190:3.26.2+20180130.0d9c74212-4.160:1.34.2.1-4.60:1.4.14-40:1.5.0-40:2.2.1-3.30:1.2.15-3.90:2.0.8-3.90:1.8.0-3.110:3.4.2-4.120:0.94-6.60:0.26-6.30:0.3.0-4.30:6.2.3-11.80:1.3.5-11.80:1.18-11.80:5.2.4-11.80:2.1.0beta2-11.80:2017.20170520.svn30357-11.80:2017.20170520-11.80:2017.20170520.svn27321-11.80:2017.20170520.svn12688-11.80:2017.20170520.svn28038-11.80:2017.20170520.svn44143-11.80:2017.20170520.svn3006-11.80:2017.20170520.svn29036-11.80:2017.20170520.svn43843-11.80:2017.20170520.svn18790-11.80:2017.20170520.svn42679-11.80:2017.20170520.svn16219-11.80:2017.20170520.svn17794-11.80:2017.20170520.svn15543-11.80:2017.20170520.svn25623-11.80:2017.20170520.svn38300-11.80:2017.20170520.svn37223-11.80:2017.20170520.svn34112-11.80:2017.20170520.svn30408-11.80:2017.20170520.svn43866-11.80:2017.20170520.svn33902-11.80:2017.20170520.svn24061-11.80:2017.20170520.svn23866-11.80:2017.20170520.svn29741-11.80:2017.20170520.svn17399-11.80:2017.20170520.svn37645-11.80:2017.20170520.svn24759-11.80:2017.20170520.svn29031-11.80:2017.20170520.svn8329-11.80:2017.20170520.svn44515-11.80:2017.20170520.svn40273-11.80:2017.20170520.svn40987-11.80:2017.20170520.svn21000-11.80:2017.20170520.svn29050-11.80:2017.20170520.svn18336-11.80:2017.20170520.svn25860-11.80:2017.20170520.svn14752-11.80:2017.20170520.svn14758-11.80:2017.20170520.svn25997-11.80:2017.20170520.svn13663-11.80:2017.20170520.svn34971-11.80:2017.20170520.svn37813-11.80:2017.20170520.svn32101-11.80:2017.20170520.svn14050-11.80:2017.20170520.svn30983-11.80:2017.20170520.svn42296-11.80:2017.20170520.svn42300-11.80:2017.20170520.svn16420-11.80:2017.20170520.svn25012-11.80:2017.20170520.svn32150-11.80:2017.20170520.svn10937-11.80:2017.20170520.svn27025-11.80:2017.20170520.svn31696-11.80:2017.20170520.svn26126-11.80:2017.20170520.svn15093-11.80:2017.20170520.svn41465-11.80:2017.20170520.svn29005-11.80:2017.20170520.svn32346-11.80:2017.20170520.svn29053-11.80:2017.20170520.svn34647-11.80:2017.20170520.svn44549-11.80:2017.20170520.svn43292-11.80:2017.20170520.svn37750-11.80:2017.20170520.svn38769-11.80:2017.20170520.svn23500-11.80:2017.20170520.svn23661-11.80:2017.20170520.svn23406-11.80:2017.20170520.svn14428-11.80:2017.20170520.svn8457-11.80:2017.20170520.svn33688-11.80:2017.20170520.svn18674-11.80:2017.20170520.svn30534-11.80:2017.20170520.svn37026-11.80:2017.20170520.svn10843-11.80:2017.20170520.svn37537-11.80:2017.20170520.svn14387-11.80:2017.20170520.svn17868-11.80:2017.20170520.svn41779-11.80:2017.20170520.svn40690-11.80:2017.20170520.svn25962-11.80:2017.20170520.svn16181-11.80:2017.20170520.svn39165-11.80:2017.20170520.svn29348-11.80:2017.20170520.svn13364-11.80:2017.20170520.svn22859-11.80:2017.20170520.svn32405-11.80:2017.20170520.svn7838-11.80:2017.20170520.svn29333-11.80:2017.20170520.svn44206-11.80:2017.20170520.svn29335-11.80:2017.20170520.svn34996-11.80:2017.20170520.svn31638-11.80:2017.20170520.svn32919-11.80:2017.20170520.svn29688-11.80:2017.20170520.svn38710-11.80:2017.20170520.svn21215-11.80:2017.20170520.svn43957-11.80:2017.20170520.svn37771-11.80:2017.20170520.svn13013-11.80:2017.20170520.svn21802-11.80:2017.20170520.svn15506-11.80:2017.20170520.svn12782-11.80:2017.20170520.svn33155-11.80:2017.20170520.svn24062-11.80:2017.20170520.svn43596-11.80:2017.20170520.svn6898-11.80:2017.20170520.svn25648-11.80:2017.20170520.svn26326-11.80:2017.20170520.svn23262-11.80:2017.20170520.svn6897-11.80:2017.20170520.svn44361-11.80:2017.20170520.svn34398-11.80:3.3.0-4.50:0.3.9-3.30:2017.137.1.20svn15878-7.60:2017.137.1.62svn42296-7.60:2017.137.2svn36671-7.60:2017.137.svn16979-7.60:2017.137.svn40613-7.60:2017.137.svn41844-7.60:2017.137.svn29349-7.60:2017.137.svn38709-7.60:2017.137.svn42541-7.60:2017.137.svn37356-7.60:2017.137.1.25svn43855-7.60:2017.137.1.0svn42300-7.60:2017.137.1.0.10svn35999-7.60:2017.137.1.0.10svn36000-7.60:2017.137.0.0.2svn42409-7.60:2017.137.1.0asvn44566-7.60:2017.137.1.13svn15878-7.60:2017.137.svn35702-7.60:2017.137.2.00svn36866-7.60:2017.137.svn40274-7.60:2017.137.1.1svn39026-7.60:2017.137.0.0.1svn34481-7.60:2017.137.1.2.0svn41892-7.60:2017.137.0.0.22svn26760-7.60:2017.137.0.0.3svn29349-7.60:2017.137.svn41920-7.60:2017.137.3.1svn44492-7.60:2017.137.4.52csvn43099-7.60:2017.137.1.2.1svn15878-7.60:2017.137.1.3svn41873-7.60:2017.137.2.2svn24986-7.60:2017.137.0.0.2svn19087-7.60:2017.137.2.6dsvn42428-7.60:2017.137.1.0asvn17691-7.60:2017.137.0.0.3svn16549-7.60:2017.137.svn44166-7.60:2017.137.1.3svn31474-7.60:2017.137.1.1svn15878-7.60:2017.137.0.0.3svn15878-7.60:2017.137.0.0.5asvn43034-7.60:2017.137.1.1bsvn43523-7.60:2017.137.svn23916-7.60:2017.137.0.0.19.4svn41811-7.60:2017.137.svn15878-7.60:2017.137.1.1svn34902-7.60:2017.137.1.0asvn30867-7.60:2017.137.2.353svn35145-7.60:2017.137.1.9svn38268-7.60:2017.137.svn21750-7.60:2017.137.0.0.1svn15878-7.60:2017.137.1.0csvn17364-7.60:2017.137.1.1asvn36026-7.60:2017.137.1.0svn15878-7.60:2017.137.svn21818-7.60:2017.137.3.5gsvn15878-7.60:2017.137.svn31795-7.60:2017.137.2.0svn23638-7.60:2017.137.5.3.0svn43603-7.60:2017.137.1.00svn39746-7.60:2017.137.6.4svn44409-7.60:2017.137.1.0.4svn44542-7.60:2017.137.1.0svn27789-7.60:2017.137.1.0svn19880-7.60:2017.137.svn31741-7.60:2017.137.svn39375-7.60:2017.137.svn31929-7.60:2017.137.1.007svn19409-7.60:2017.137.0.0.2.3svn33164-7.60:2017.137.2.1svn41390-7.60:2017.137.2.9svn21523-7.60:2017.137.4.41svn21442-7.60:2017.137.svn42268-7.60:2017.137.4.3svn30815-7.60:2017.137.0.0.1svn41304-7.60:2017.137.0.0.27svn44131-7.60:2017.137.1.3svn34800-7.60:2017.137.2.0svn38722-7.60:2017.137.2.2svn29349-7.60:2017.137.1.2svn17373-7.60:2017.137.1.6svn37534-7.60:2017.137.67svn29349-7.60:2017.137.1.03svn34893-7.60:2017.137.1.3svn42530-7.60:2017.137.0.0.2svn16134-7.60:2017.137.svn22722-7.60:2017.137.3.1svn20021-7.60:2017.137.2.004svn28119-7.60:2017.137.1.959svn36915-7.60:2017.137.1.0svn25552-7.60:2017.137.1.3svn44368-7.60:2017.137.svn32617-7.60:2017.137.0.0.2svn20422-7.60:2017.137.svn21934-7.60:2017.137.1.0svn24499-7.60:2017.137.svn33254-7.60:2017.137.2.5svn34491-7.60:2017.137.0.0.6svn15878-7.60:2017.137.1.0svn19640-7.60:2017.137.1.07svn41438-7.60:2017.137.1.0svn43159-7.60:2017.137.1.0svn39028-7.60:2017.137.1.0svn34302-7.60:2017.137.0.0.2svn27889-7.60:2017.137.1.3svn30704-7.60:2017.137.svn36918-7.60:2017.137.0.0.8svn20843-7.60:2017.137.0.0.9svn31077-7.60:2017.137.0.0.7svn21322-7.60:2017.137.1.0svn39804-7.60:2017.137.5.10svn43606-7.60:2017.137.4.27svn29803-7.60:2017.137.1.3svn15878-7.60:2017.137.5.0.5svn37892-7.60:2017.137.5.05svn39323-7.60:2017.137.5.01fr_0svn23332-7.60:2017.137.3.0bsvn42434-7.60:2017.136.3.2svn15878-100:2017.136.1.6.0svn44308-100:2017.136.1.5.0svn15878-100:2017.136.1.1.0svn36371-100:2017.136.svn16791-100:2017.136.1.0svn44026-100:2017.136.0.0.2csvn39570-100:2017.136.1.00svn29974-100:2017.136.2.25svn15878-100:2017.136.svn21081-100:2017.136.svn26785-100:2017.136.1.1svn26313-100:2017.136.4.4svn44456-100:2017.136.2016_6_8svn41348-100:2017.136.1.20svn15878-100:2017.136.0.0.11svn17476-100:2017.136.2.1svn15878-100:2017.136.svn19085-100:2017.136.0.0.2svn15878-100:2017.136.001.002svn18651-100:2017.136.2.0svn33625-100:2017.136.2.1svn43639-100:2017.136.svn42926-100:2017.136.1.01svn15878-100:2017.136.0.0.0.1_r1svn29019-100:2017.136.svn18261-100:2017.136.1.0lsvn36681-100:2017.136.svn44467-100:2017.136.svn44465-100:2017.136.0.0.2svn31541-100:2017.136.0.0.2svn31409-100:2017.136.0.0.01svn42482-100:2017.136.1.5svn41521-100:2017.136.0.0.8dsvn43068-100:2017.136.0.0.92svn22357-100:2017.136.0.0.9bsvn42428-100:2017.136.2.0svn15878-100:2017.136.svn33860-100:2017.136.0.0.2svn38506-100:2017.136.1.0svn29476-100:2017.136.2.5.6svn25355-100:2017.136.1.0asvn19700-100:2017.136.2.0svn32626-100:2017.136.svn22511-100:2017.136.svn43366-100:2017.136.svn44210-100:2017.136.svn43453-100:2017.136.0.0.1svn42334-100:2017.136.1.3svn26059-100:2017.136.1.20svn42950-100:2017.136.svn43900-100:2017.136.svn42853-100:2017.136.2.0svn43734-100:2017.136.1.0asvn21608-100:2017.136.3.4svn32528-100:2017.136.0.0.7svn29803-100:2017.136.1svn21701-100:2017.136.1.0asvn25969-100:2017.136.2.2svn32261-100:2017.136.0.0.04svn42456-100:2017.136.1.0svn27744-100:2017.136.2.1svn38269-100:2017.136.svn15878-100:2017.136.svn27354-100:2017.136.6.13svn15878-100:2017.136.svn23431-100:2017.136.svn34470-100:2017.136.1.1.1svn43686-100:2017.136.0.0.3svn15878-100:2017.136.2.3svn32262-100:2017.136.1.0svn44154-100:2017.136.0.0.92svn24104-100:2017.136.0.0.4svn15878-100:2017.136.1.0svn29944-100:2017.136.2.17svn44166-100:2017.136.1.1svn40058-100:2017.136.1.005svn19444-100:2017.136.1.1svn21922-100:2017.136.3.13svn33197-100:2017.136.0.0.06svn15878-100:2017.136.0.0.2svn17177-100:2017.136.1.2svn23670-100:2017.136.2.4bsvn34017-100:2017.136.2.0svn21920-100:2017.136.0.0.55svn21921-100:2017.136.0.0.3svn39084-100:2017.136.1.0bsvn20589-100:2017.136.0.0.1svn32457-100:2017.136.1.6.1svn30080-100:2017.136.svn38647-100:2017.136.2.3svn39799-100:2017.136.0.0.64svn43239-100:2017.136.svn44166-100:2017.136.2.5svn15878-100:2017.136.3.2svn30579-100:2017.136.1svn25629-100:2017.136.1.0svn15878-100:2017.136.0.0.1svn32954-100:2017.136.0.0.2svn26039-100:2017.136.2.3svn21598-100:2017.136.0.0.2svn36254-100:2017.136.svn42428-100:2017.136.1.10svn15878-100:2017.136.0.0.01svn22028-100:2017.136.1.0csvn15878-100:2017.136.svn21439-100:2017.136.svn35831-100:2017.136.svn35830-100:2017.136.4.5svn44166-100:2017.136.svn25813-100:2017.136.1.1svn16082-100:2017.136.0.0.2.0svn42756-100:2017.136.svn22459-100:2017.136.1.0bsvn22338-100:2017.136.1.7svn41381-100:2017.136.1.2bsvn15878-100:2017.136.3.6svn22048-100:2017.136.1.0.1svn31532-100:3.22.0-3.30:2.4.0-20:1.9.10-10:1.8.12-30:2.0.0.b6-30:20180329-10:2.15.1-10:7.2.1-10:7.2.1_k4.12.14_23-10:5.8-10:1.12.12-20:2.0.14-30:2.2.1-40:0.26.3-10:3.11.9-30:5.4.0-10:4.5.2-10:2.13.02-10:4.05.0-40:1.38.0-30:0.80-10:7.30-10:0.68-10:2.94-10:0.59-10:3.2-50:1.9.10-3.30:1.8.12-5.60:1.1.0+git.20170126-3.30:20190128-3.30:1.33.0-10:7.2.1-70:7.2.1_k4.12.14_195-70:2.0.14-5.30:0.26.8-3.80:0.165.0-10:2.05-100:3.2-7.60:17.11.5-40:18.08.5-10:17.11.13-6.150:3.7.4-10:1.8.0_sr5.11-10:1.8.0.161-10:1.0.2n-10:4.2.8p11-20:0.162.1-10:12.1-30:10.0.2.0-3.30:1.8.0_sr5.30-3.160:1.8.0.201-3.160:1.0.2p-3.140:4.2.8p13-4.60:4.5.18-20:3.15.0-20:1.16.61-60:1.2.2-10:0.99.25-20:1.4.0.3-20:2.4.33-10:1.2.43-10:1.0.17-10:2.9.2-10:2.3.1-20:17.11.2-10:17.11.2_k4.12.14_23-10:3.0.16-10:5.2.2-10:2.5.3-10:1.1.1-20:10.2.15-10:2.8.2-40:1.2.15-10:0.14.0-20:2.7.4-40:0.6.0-20:2.6.7-10:1.6.4-10:1.5.6-20:1.0.0-70:1.11.0-70:8-70:1.4.9-30:0.1.26-20:4.0.23-30:5.44-10:3.0.3-50:2.4.33-3.150:1.2.43-3.30:2.3.3-50:18.11-20:18.11_k4.12.14_195-20:3.0.16-3.30:5.2.2-3.30:10.2.22-3.140:0.14.1-20:2.6.7-3.30:1.6.4-3.30:1.14.0-40:2017+git1510945757.b2662641d5-5.220:1.0.0+-70:1.12.0-70:0.1.32-4.50:4.4-5.30:3.0.3-7.70:1.9.2-20:1.0.15-20:7.2.5-20:8.11.1-10:9.0.5-10:2.7.2-20:7.2.5-4.120:10.15.2-1.60:8.15.1-3.140:9.0.14-20:52.8-10:1.2.4-10:0.97.3-20:2.0.5-10:2.0.0~rc2-10:0.3.34-10:2.8.22-30:3.26.3-20:1.7.1-10:0.3.13-20:3.3.1-40:4.1.1-20:2.13.0-30:0.18.9-10:6.0.4.2-10:0.0.5-10:0.9.10-20:0.2.8.4-20:0.10.2-10:7.08-40:3.2.6a-20:60.6.1-3.280:2.0.9-3.130:2.0.0~rc4-80:3.26.3-4.30:1.7.1-50:0.3.14-4.30:2016.2.22-3.30:0.18.9-3.80:6.1.3.2-60:0.0.6-50:0.9.10-4.90:0.10.2-3.30:0.7.5-3.120:2.48.5.2-3.50:2.45.15.2-3.50:17.12.0-3.230:4.0.13-3.70:1.14.28-3.180:2.2.5-4.30:2.16.4-3.30:5.5-3.30:6.00-4.30:4.0.9-5.90:9.23-3.30:20180703-3.30:8.33.1-3.30:5.26.1-7.30:4.10.1_06-3.30:2.26-13.30:1.8.2-6.30:2.4.7-3.30:1.1.0h-4.30:4.14.1-10.30:2.31.1-9.30:2.20.3-3.30:4.12.14-25.30:1.16.1-3.30:0.114-3.30:2.2.7-3.30:20180525-3.30:4.0.7-3.30:4.12.14-25.60:0.100.1-3.30:2.4.8-3.60:4.7.8+git.86.94b6d10f7dd-4.150:2.11.2-9.40:20180807-3.60:4.12.14-25.130:4.10.1_08-3.60:7.60.0-3.60:4.12.14-25.160:10.5-4.50:2.11.2-9.90:5.6-3.60:0.6.35-3.50:17.6.4-3.100:1.14.10-3.70:0.34-3.30:7.60.0-3.90:2.20.5-3.80:4.5-7.30:2.4.9-3.90:3.6.2-6.30:1.1.0i-4.90:9.25-3.60:4.12.14-25.190:2.7.14-7.30:2.16.4-3.60:4.12.14-25.220:0.7.5-6.30:2.31-6.30:0.100.2-3.60:2.4.10-3.120:0.6.9-3.30:4.0.9-5.140:5.7.3-7.30:3.3.2-3.30:4.12.14-25.250:7.60.0-3.140:0.18.0-3.80:234-24.150:20181025-3.60:1.19.6-8.30:7.6p1-9.30:2018.3.0-5.200:1.1.0i-4.150:2.54.3-4.70:4.0.9-5.170:2.11.2-9.120:10.6-4.80:4.0.9-5.200:2.2.7-3.60:4.7.11+git.140.6bd0e5b30d8-4.210:2.11.2-9.170:9.26-3.90:3.4-4.30:5.48-5.80:3.40.1-3.70:4.10.2_04-3.90:2.4.11-3.150:0.6.32-5.50:0.1.10-3.20:3.6.2-6.50:1.2.4-3.120:4.7.11+git.153.b36ceaf2235-4.270:0.23.2-4.20:2.1.11-3.50:1.3.15-3.60:0.9.36-4.100:1.5.0-3.30:1.0.6-5.30:1.1.32-3.30:20190507-3.150:2.11.2-9.250:4.12.14-150.170:4.10.3_04-3.190:7.6p1-9.130:2.40.1-6.30:4.0.0-9.190:7.70-3.50:2.4.12-3.190:20190514-3.190:1.1.6-3.30:3.6.7-6.110:3.6.8-3.160:5.48-5.160:4.0.0-9.220:7.60.0-3.200:234-24.300:20190513-3.30:1.10.6-5.60:234-24.200:4.13-4.50:1.4-5.80:1.11.1-4.30:4.2-6.70:1.5.1-6.70:1.6.34-3.90:9.11.2-12.110:9.26a-3.120:8.0.1568-5.30:1.16.1-3.240:0.168-4.50:1.12.2-3.50:10.80.1-3.80:4.12.14-150.220:2.54.3-4.150:1.12.2-3.80:2.4.15-3.280:4.0.0-9.270:2.4.2-3.30:1.15.2-6.60:1.1.6-3.60:1.0.8-3.30:2.24.2-3.270:4.2.3-3.80:20190618-3.220:2.5.5-4.30:10.9-4.130:2.54.3-4.180:2.2.5-3.30:1.0.6-5.60:4.12.14-150.270:1.8.2-6.170:3.44.1-3.160:2.26-13.240:20190423-3.90:1.1.0i-4.180:11.0.4.0-3.330:1.0.6-5.90:2.2.5-4.110:3.4.2-7.40:0.114-3.90:3.1.2-3.90:1.10.6-3.60:3.6.8-3.230:2.7.14-7.140:4.12.14-150.320:4.9.2-3.60:2.4.16-3.310:2.7.14-7.170:3.6.5-3.80:5.1.0-4.60:10.10-4.160:4.12.14-25.280:2.11.2-9.280:0.12.2-3.30:1.22-6.40:9.26a-3.180:1.8.2-6.200:7.60.0-3.230:2.31.1-9.80:4.5-7.60:2.4.46-9.190:1.1.0i-4.240:4.12.14-150.350:7.70-3.120:2.24.4-3.310:2.2.5-3.60:9.27-3.210:1.16.1-4.80:1.39.2-3.30:2018.03-4.30:2.7.14-7.60:0.6.32-5.30:2.11.2-9.200:5.9.4-8.110:3.1-5.70:7.6p1-9.230:2.22.6-3.180:1.16.1-3.150:13.2.4.125+gad802694f5-3.70:2.4.13-3.220:1.8.0-4.30:1.2.3-3.80:4.8.3-4.30:0.12.4-3.30:1.1.0i-4.210:5.9.4-3.30:1.5.3-5.70:20190312-3.120:4.12.14-150.140:3.27.2-3.30:4.10.3_02-3.140:2.24.0-3.210:2.22.5-3.130:5.9.4-8.180:1.19.5-3.30:4.0.0-9.160:1.15.2-6.30:2.20.1-6.30:5.1.0-8.30:4.12.14-197.40:4.9.5+git.176.375e1f05788-3.60:1.12.2-8.30:5.1.0-8.60:4.12.14-197.70:20190618-3.30:4.12.14-197.100:1.8.2-8.60:10.9-8.30:14.2.1.468+g994fd9e0cc-3.30:4.12.14-197.150:3.1.1-9.30:20190401-3.30:14.2.2.349+g6716a1e448-3.90:1.2.14-6.30:2.33.1-4.50:4.6-3.50:1.24-9.40:4.9.5+git.187.71edee57d5a-3.90:0.14.1-6.30:1.1.0i-14.30:4.12.14-197.180:2019.01-7.30:6.43.0-3.30:1.1.2-5.30:18.06.1_ce-6.80:0.7.0.1+gitr2664_3ac297bc7fd0-4.30:1.0.0rc5+gitr3562_69663f0bd4b6-6.30:1.2.5-5.130:18.09.6_ce-6.170:0.7.0.1+gitr2726_872f0a83c98a-4.120:1.0.0rc6+gitr3804_2b18fe1d885e-6.180:18.09.6_ce-6.200:1.2.6-5.160:19.03.1_ce-6.260:0.7.0.1+gitr2800_fc5a7d91d54c-4.150:1.0.0rc8+gitr3826_425e105d5a03-6.210:1.1.2-5.60:18.09.0_ce-6.110:0.7.0.1+gitr2704_6da50d197830-4.60:1.0.0rc5+gitr3562_69663f0bd4b6-6.60:1.0.0rc5+gitr3562_69663f0bd4b6-6.90:0.2.1-1.70:1.0.0rc6+gitr3748_96ec2177ae84-6.120:0.4.1-3.30:3.6.1-3.30:1.4.4-4.80:0.3.0-3.30:1.7.1-3.30:1.4.4-4.110:7.0.7.34-3.90:0.94-6.30:52.9.0esr-3.70:3.4.2-4.50:7.0.7.34-3.140:7.0.7.34-3.170:3.26.2.1-13.90:60.2.0-3.100:60-4.30:7.0.7.34-3.240:0.2.8-3.20:1.8.0-3.30:7.0.7.34-3.270:60.2.2-3.130:60-4.50:0.3.6-3.30:1.8.0-3.60:0.6.45-6.70:60.3.0-3.170:7.0.7.34-3.340:0.2.8-3.40:60.4.0-3.210:3.4.2-4.170:60.7.0-3.400:0.2.8-3.60:3.26.2+20180130.0d9c74212-4.190:7.0.7.34-3.610:2.4.5-3.30:2.0.8-3.120:60.7.1-3.450:3.26.0+20180128.1bd86963-4.70:60.7.2-3.480:1.34.2.1-4.130:7.0.7.34-3.640:0.2.0-3.30:60.8.0-3.510:2.2.1-3.60:1.1.10-4.100:2.2.1-3.90:3.26.0+20180128.1bd86963-4.100:7.0.7.34-3.670:0.10.4-4.100:1.5.17-5.30:0.3.17-2.70:3.5.27-3.30:2.0.8-3.150:60.5.0-3.240:7.0.7.34-3.490:60.6.1-3.290:1.5.19-8.30:7.2.1-3.20:7.2.1_k4.12.14_23-3.20:2.10.0-5.20:2.10.0_k4.12.14_23-5.20:4.5.2-3.30:2.10.0-5.40:2.10.0_k4.12.14_25.13-5.40:0.26.6-3.50:2.10.0-5.60:2.10.0_k4.12.14_25.16-5.60:1.8.12-5.30:1.24.1-3.60:4.5.2-3.60:2.05-7.40:2.17-3.20:1.36.0-3.210:0.165.4-3.90:9.0.10-3.70:0.1.1-3.30:0.6.2-3.30:0.0.6-3.30:0.4.9-3.30:1.2.26-3.30:9.0.12-3.80:1.0.2p-3.110:1.10.4-3.60:1.10.7-1.50:15.0.11-3.30:11.0.3.0-3.210:1.10.8-1.80:1.4.0.3-4.70:1.8.0.212-3.190:1.1.1-4.30:1.12-3.100:1.11.9-1.120:1.12.4-1.90:3.26.6-4.30:7.2.5-4.320:9.0.20-3.240:17.9.0-3.30:9.0.21-3.270:7.2.5-4.350:0.14.1-4.30:0.14.1-3.30:0.4.10-3.60:1.4.3-1.30:10.2.25-3.170:1.8.0.222-3.240:1.7.2-3.30:1.4.0.26~git0.8a2d3de6f-4.140:11.0.2.0-3.180:1.2.7-3.30:17.9.0-3.60:1.11.13-1.180:1.12.9-1.150:2.4.33-3.210:1.9.2-4.30:0.8.5-3.50:0.16.2-3.30:2.11.1-3.60:4.0.11-3.100:4.0.14-3.260:4.0.25-3.230:1.2-9.190:0.8.7-1.30:0.9.10-4.60:1.14.2-3.30:0.18.9-3.50:2.4.33-3.90:2.0.0~rc4-3.30:0.10.5.1551309990.79898c7-3.30:1.8.0.191-3.130:2.2.36-7.60:1.11.5-1.90:0.9.10-4.30:1.8.0_sr5.35-3.200:4.12.14-5.300:1.0.3+20190326.a521604-3.30:1.0.3+20171226.6d62b64-3.30:4.12.14-5.330:9.0.21-4.50:6.2.5.2-8.50:0.4.10-7.30:4.12.14-5.380:1.12.0-9.30:8-9.30:18.08.8-3.40:1.8.0_sr5.40-3.240:1.14.2-6.30:6.2.7.1-8.100:4.12.14-14.80:17.11.7-6.30:1.8.0.171-3.30:1.0.2n-3.30:1.8.0_sr5.15-3.30:1.0.2p-3.80:1.8.0.181-3.100:1.8.0_sr5.20-3.60:4.2.8p12-4.30:1.8.0_sr5.25-3.90:1-1.30:1.1-5.30:2-20:2-40:3-20:3-70:4-100:4-20:5-20:5-130:6-20:6-160:7-190:9-20:10-280:1-1.50:10-20:7-20:11-20:8-20:8-220:9-250:1-1.90:1-3.30:4.12.14-5.50:4.12.14-5.80:4.12.14-5.130:4.12.14-5.160:4.12.14-5.270:4.12.14-5.190:4.12.14-5.240:2.3.1-3.30:4.12.14-8.130:17.11.2-3.20:17.11.2_k4.12.14_23-3.20:2017+git1510945757.b2662641d5-5.30:1.0.0-9.40:1.11.0-9.40:8-9.40:2.4.33-3.30:0.14.0-4.30:1.0.0-9.90:1.11.0-9.90:8-9.90:2.4.33-3.60:1.0.0+-9.120:1.11.0-9.120:8-9.120:1.0.0+-9.170:1.11.0-9.170:8-9.170:2017+git1510945757.b2662641d5-5.110:1.1.2-3.110:1.0.0+-9.250:1.11.0-9.250:8-9.250:2.1.4-3.170:4.8-5.80:1.0.0+-9.280:1.11.0-9.280:8-9.280:0.1.32-4.80:0.14.0-4.60:1.1.1-3.130:2.3.3-4.70:1.0.0+-9.200:1.11.0-9.200:8-9.200:2017+git1510945757.b2662641d5-5.140:1.2.2-3.180:2017+git1510945757.b2662641d5-5.190:2.3.3-4.100:2.3.3-4.130:1.0.0+-9.30:8.11.3-3.50:7.2.5-4.30:7.2.5-4.60:8.11.4-3.80:7.2.5-4.90:8.15.0-3.110:8.15.1-3.170:10.16.0-1.90:10.16.3-1.120:8.16.1-3.200:9.0.13+git.b83ade31-3.20:9.0.13+git.b83ade31_k4.12.14_23-3.20:1.8.14~git0.52e4d43b-3.30:1.1.18+20180430.b12c320f5-3.90:4.4.0+git.1558595666.5f79f9e9-4.60:1.8.17~git0.e89d25b2-3.90:1.8.15~git0.6b6a350a-3.60:4.4.0+git.1558595666.5f79f9e9-7.50:52.9.1-3.70:2.0.7-3.70:6.0.5.2-3.30:2.0.8-3.100:60.2.1-3.130:1.0.5-1.30:6.1.3.2-3.70:3.2.6a-4.30:60.7.0-3.330:60.7.0-3.360:2.0.11-3.160:60.7.2-3.430:6.2.5.2-3.180:60.8.0-3.460:6.2.6.2-3.210:60.5.0-3.200:60.5.1-3.240:5.20.0-612.10:53.0.2785.89-96120:0.8.20-90:54.0.2840.59-10950:2014.2.3.dev13-10:2014.2.2.dev26-30:1.6.4-0.70:1.0.0-140:2.6.3-20:10.32.2-30:6.8.8.1-50:31.1.0esr-10:13.2+git20140911.61c1681-10:0.6.35-10:1.0.27.2-110:0.6.31-200:4.2-750:6.2-750:9.9.5P1-10:1.2.4-30:1.0.6-270:6.4-30:0.98.4-10:1.1.7-20:0.1.25-30:1.1.0-1470:8.22-50:2.11-260:1.27.1-20:4.8.3+r212056-60:4.2-550:1.4.11-550:1.7.5-20:1.0.58-20:0.2.5-30:7.37.0-20:1.12.12-1810:2.1.26-70:0.100.2-30:4.2.6-70:0.97.2-130:037-340:103-50:0.158-30:24.3-140:3.10.3-10:2.1.0-130:6.3.26-50:5.19-20:2.10.9-50:11.2.202.406-10:1.0.2-70:2.5.3-20:2.9.3-30:1.1.36-540:2.1.0-30:2.30.6-10:2.40.2-10:3.10.0.1-130:2.8.10-10:2.38.2-50:2.19-170:3.10.1-40:3.10.5-10:3.10.4-220:3.2.15-10:2.0.24-10:1.22.2-50:7.4.326-20:1.6-70:1.0-60:3.14.6-30:1.4.10.1-20:1.5.0-20:s20121221-20:1.7.0.65-30:1.15.5-70:3.12.28-40:1.12.1-60:1.19-170:3.18-10:2.1.0-40:1.0.7-30:1.1.14-30:1.3.2-30:5.0.1-30:1.4.7-20:1.7.2-30:1.1.3-30:1.0.2-30:1.4.2-30:0.9.8-30:1.1.4-30:1.2.2-30:1.0.8-30:2.25-60:0.41.rc1-10:4.1.12-30:9.3.5-20:2.0.21-40:0.6.21-60:2.5.2.26539-130:3.16.4-50:1.11.4-10:7.2d-30:1.6.1-90:1.0.0-3520:0.4-30:210-440:0.15.1b-1820:1.11.5.1-50:2.2.7-30:2.0-120:0.11-20:2.4.2-140:5.2.2-40:2.08-10:3.2.0-40:0.6.2-150:0.8.8.4-130:2.1.5-270:10.0.11-60:0.30.0-30:0.9.8j-590:1.0.1i-20:1.36.3-40:1.2.50-80:1.6.8-20:0.112-20:0.24.4-30:0.4.11-110:5.0-20:2.7.7-20:3.4.1-20:4.8.6-20:2.0.10-30:0.15.4-30:4.3.1.2-30:0.19-160:1.1.10-240:0.4.8-180:1.0.25-180:5.7.2.1-30:2.44.2-10:0.25-30:0.6.3-10:3.7-20:4.0.3-90:2.1.3-10:1.2.5-130:1.3.3-80:0.28.2-170:1.10-10:3.1.1-10:2.9.1-60:0.1.6-10:0.11.1-40:4.0.4-20:3.8.7-30:1.4.16-150:2.0.2.umip.0.4-190:4.10.7-10:1.5.21-440:4.2.6p5-240:0.13.0-10:2.0.0-20:6.6p1-40:1.1.8-110:12.1-230:2.4.4-40:2.0-10:2.7.1-50:5.18.2-30:2.82-30:3.71-10:6.04-50:804.031-30:0.38-70:4.0.0-60:2.4.7-10:3.22-2670:3.6.2-30:1.4.5-10:1.1.7-210:0.14-10:0.7.0-40:2.0.0-400:1.0.0-400:1.7.4-400:8-400:1.9.7-20:3.0.2-10:3.1.0-20:8.4.0-20:0.11_git201205151338-80:0.7-140:1.7.2.4-10:5.1.3-40:1.8.10p3-10:0.83.7-20:2.0-7780:2.88+-940:5.1.1-10:0.18.1-30:5.2-80:1.3.0-170:2.3.1-40:3.10.1-10:1.4.0-160:0.5.3-1530:1.2.1-30:1.14-40:1.10.9-10:2.7.0-2640:4.4.1_06-20:4.4.1_06_k3.12.28_4-20:2.99.914-40:2.3.15-70:5.43-50:7.6_1-140:1.1.0-30:7.6-450:7.6_1.15.2-120:3.1.108-10:3.1.11-10:2.10-10200:1.7.1-40:6.8.8.1-80:38.4.0esr-510:13.2+git20140911.61c1681-90:0.6.35-30:5.0.9-80:9.9.6P1-300:2.25.0-130:1.21.1-30:6.4-60:0.98.7-130:1.1.7-50:8.22-90:2.11-290:4.8.5-240:4.2-580:1.4.11-580:1.7.5-90:1.0.58-80:7.37.0-150:1.8.16-140:4.3.3-20:2.71-80:037-660:1.42.11-70:0.158-60:2.0.2-60:5.19-90:2.10.9-80:11.2.202.548-1110:2.5.5-7.50:2.9.3-50:2.1.0-50:3.10.0.1-230:2.19-310:3.10.1-110:3.10.2-200:3.10.4-400:3.2.15-110:0.10.23-170:6-110:52.1-70:1.7.0.91-210:1.6.1-2.30:1.6.1-2.40:1.8.0.65-10:1.15.5-8.40:3.12.49-110:1.12.1-190:1.3.0-60:5.3.2-10:1.4.7-40:1.7.4-90:3.1.2-90:1.2.0-30:2.25-300:0.41.rc1-40:4.2.4-40:9.4.5-40:3.19.2.1-290:1.6.1-160:210-830:1.11.5.1-140:1.900.1-1700:2.4.8-160:1.3.1-300:62.1.0-300:8.0.2-300:1.3.0-90:3.1.2-70:0.4-100:10.0.21-10:0.9.8j-810:1.0.1i-340:1.5.22-20:1.6.8-50:0.113-40:2.7.9-200:3.4.1-120:4.8.6-40:5.0.2.2-130:2.1.2-90:1.0.25-210:5.7.3-40:0.29-10:0.12.5-20:1.4.3-110:0.6.3-80:3.7-40:4.0.4-120:0.8-30:1.2.18.1-40:0.2.8.4-2420:3.1.1-40:2.9.1-100:0.1.6-70:0.11.1-90:4.0.4-130:12.5-250:4.10.10-90:1.5.21-490:4.2.8p4-10:2.0.0-50:6.6p1-290:2.3.8-16.30:9.20.1-30:1.1.8-140:2.7.5-70:2.0019-50:0.38-100:2.3-50:2.3.0-6.50:2.3.1-50:1.0.0-50:1.8.1-50:8-50:0.2.1_rc4-160:4.11.2-100:8.4.0-80:1.4.8-80:5.1.3-180:0.83.8-70:1.27.1-40:4.5.1-70:5.2-100:1.4.3-70:6.00-320:1.4.0-260:1.14-70:1.12.7-150:2.2-80:20140630-50:4.5.1_12-20:4.5.1_12_k3.12.49_11-20:2.99.914-70:7.6_1.15.2-360:3.1.155-10:3.1.18-10:1.7.1-612.20:6.8.8.1-330:45.4.0esr-810:1.0.12-80:13.2+git20140911.61c1681-280:0.6.42-140:1.6.3-30:3.1.14-70:4.8.6+2.3.3-30:2.32.1-160:4.12.0-70:10.66.3-40:1.2.0-100:5.0.9-210:0.6.32-300:4.3-780:6.3-780:9.9.9P1-460:2.26.1-9.120:1.2.4-50:1.0.6-290:6.5-80:0.99.2-250:1.3.3-100:0.1.26-60:8.25-120:4.8.5-300:2.9.0-70:5.8-70:1.7.5-120:1.0.58-130:7.37.0-280:1.8.16-190:4.3.3-90:0.97.3-150:2.71-100:3.0.26-60:044-870:103-70:24.3-160:3.12.12-50:3.20.4-70:3.20.1-50:2.1.0-170:6.3.26-120:2.11.0-120:2.0.0~git.1463131968.4e66df7-110:2.6.3-7.80:2.1.0-120:2.34.0-160:2.40.15-40:3.10.0.1-520:9.15-60:2.8.18-40:2.48.2-100:2.22-490:3.20.0-270:3.20.1-400:3.20.4-700:2.0.24-30:2.02~beta2-1040:0.10.23-200:2.24.31-70:7-130:1.5.0-70:1.2.0-70:1.7.0.111-330:1.8.0.101-140:1.15.5-8.70:0.8.15-280:4.4.21-690:1.12.5-390:0.2.0-50:1.3.0-110:5.6.1-110:5.6.1-90:1.5.1-100:1.5.0-60:1.6.0-120:3.1.2-220:5.3.1+r233831-90:2.28-400:4.2.4-260:4.4.2-290:9.4.9-140:3.21.1-460:1.6.1-16.330:5.0.5-120:2.0.0-353.60:1.3.1-60:0.9-60:2.7.1-90:1.28-40:1.13.4-180:2.4.11-230:2.12.5-10:1.3.0-230:2.4.41-18.250:1.1.26-100:0.4-140:10.0.27-120:1.6-20:0.52.16-10:1.0.2j-550:0.9.8j-1020:4.0.0-90:1.40.1-90:1.2.50-130:1.5.22-40:1.6.8-110:0.113-5.60:0.43.0-150:0.24.4-120:0.4.13-160:2.7.9-240:4.8.6-70:5.1.5.2-290:2.1.2-120:1.0.25-250:2.54.1-40:0.31-70:0.12.7-60:3.8.10.2-30:1.4.3-190:0.6.3-110:228-1170:3.7-110:0.1.25-40:4.0.6-260:1.0.10-20:1.1.1-60:2.0.0-260:0.28.2-190:1.10-30:3.1.1-120:2.9.4-270:0.11.1-120:4.0.4-60:12.5-280:4.12-150:1.6.0-540:4.2.8p8-140:2.0.0-110:7.2p2-550:2.3.8-16.60:9.20.1-60:5.18.2-110:4.0.0-110:3.8.5-50:1.5.7-70:16.0.0-2.30:2.8.1-6.110:2.6.1-270:1.0.0-270:1.9.1-270:8-270:3.4-60:0.2.3-210:4.11.2-150:3.1.0-120:8.4.0-140:0.9-200:1.7.2.4-30:4.3-60:5.1.3-220:1.8.10p3-60:3.0-850:0.84.0-130:2.88+-960:1.27.1-80:4.5.1-100:0.18.3-50:2.3.4-60:1.18.4-140:3.20.2-50:0.5.3-1570:1.14-100:1.12.13-310:2.2-140:4.7.0_12-230:2.99.917.641_ge4ef6e9-120:4.3.0-80:7.6_1.18.3-570:5.22-70:3.1.206-37.10:3.1.23-60:3.1.57-1612.30:6.8.8.1-700:52.2.0esr-1080:1.0.12-120:13.2+git20140911.61c1681-360:1.0.27.2-150:2.8.2-490:0.3.6-100:1.2.0-150:5.0.9-270:4.3-820:6.3-820:9.9.9P1-620:0.99.2-320:1.3.3-120:2.11-350:1.7.5-190:1.0.58-170:0.2.5-50:7.37.0-360:1.8.22-280:2.76-170:044-1130:4.9.33_k4.4.73_5-20:1.42.11-150:24.3-190:3.12.12-70:2.1.0-200:2.4.6-110:2.12.0-10:2.6.3-7.100:2.1.0-230:2.34.0-180:0.2.0-140:9.15-220:2.8.18-80:2.22-610:3.20.5-90:3.20.1-490:3.20.4-760:3.3.27-10:2.0.24-80:2.02-20:1.8.3-90:0.10.23-250:0.10.36-170:0.10.31-160:1.8.3-170:1.8.3-120:1.8.3-150:2.0.9-80:7.4.326-160:3.16.11-10:1.5.0-110:1.7.0.141-420:1.6.2-2.80:1.6.2-2.100:1.8.0.131-260:0.8.16-50:4.4.73-50:4.7.4-10:5.6.2-50:5.6.2-10:1.6.2-110:5.0.1-70:1.7.4-170:3.5.11-50:0.9.8-70:1.2.2-70:1.0.10-70:1.0.8-70:1.6.0-18.110:3.1.2-250:5.3.1+r233831-120:0.10.2-30:2.29.2-20:1.15.2-240:1.9.1-50:0.41.rc1-90:4.6.5+git.27.6afd48b1083-20:9.6.3-20:2.5.2.26539-150:3.29.5-570:7.2d-50:1.6.1-16.390:0.6.0-50:1.3.1-90:2.7.1-120:1.13.4-330:1.900.14-1940:4.12.0-100:2.4.41-18.290:1.1.29-10:2.4.2-160:5.2.4-60:10.0.30-280:10.66.3-70:1.0.2j-590:0.9.8j-1050:1.1-30:3.5.0-200:8.39-70:1.8.10-60:1.12-190:1.2.50-190:1.5.22-90:1.6.8-140:5.0-40:2.7.13-270:3.4.6-240:1.2.4-100:5.2.5.1-420:2.1.9-180:1.0.25-350:0.33-10:0.12.8-10:3.8.10.2-80:228-1420:4.9-10:4.0.7-430:1.0.1-160:0.5.0-110:3.3.0-40:10.1.5-20:2.2.7-470:2.9.4-450:1.1.28-160:1.2.8-110:4.0.4-140:0.13.62-90:3.11.0-10:2.7-30:4.13.1-180:4.2.8p10-630:2.0.0-170:7.2p2-690:2.3.8-16.170:1.1.8-230:1.4.25-40:3.8.5-140:2.8.1-6.160:2.9.0-50:1.10.2-50:0.2.3-230:1.4.7-200:8.24.0-10:1.0.24-30:1.4.8-160:0.9-230:5.1.3-250:1.8.20p2-10:3.0-940:2.88+-990:1.27.1-140:4.9.0-130:5.0.14-30:0.5.3.git20161120-1600:1.14-200:4.9.0_08-20:2.99.917.770_gcb6ba2da-10:4.3.0-120:7.6_1.18.3-710:3.2.36-10:3.2.2-10:3.2.11-112.40:6.8.8.1-71.850:52.9.0esr-109.380:1.0.12-13.60:3.6.312.333-3.130:13.2+git20140911.61c1681-38.80:0.6.42-16.30:3.1.14-8.60:4.8.7+2.3.4-4.70:1.2.0-17.30:5.0.9-28.30:4.3-83.150:6.3-83.150:9.11.2-10:2.31-9.260:5.13-5.40:12.2.8+git.1536505967.080f2248ff-2.150:6.5-9.30:0.100.2-33.180:1.1.0-148.30:8.25-13.70:2.11-36.30:4.8.5-31.170:1.7.5-20.170:1.0.58-19.20:7.60.0-20:1.12.12-182.30:2.1.26-8.70:1.8.22-29.100:4.3.3-10.140:2.78-18.30:044.1-90:1.43.8-10:103-8.30:24.3-25.30:3.12.13-8.30:3.20.2-6.220:2.1.0-21.30:2.4.6-12.30:5.22-10.60:2.12.0-3.30:2.0.0~git.1463131968.4e66df7-12.30:2.6.3-7.150:2.9.3-6.30:1.1.36-58.30:2.1.0-24.90:2.34.0-19.170:2.40.20-5.60:3.10.0.1-54.60:9.25-23.130:2.8.18-9.30:2.22-150:3.20.0-28.30:3.20.1-50.50:3.20.4-77.170:3.20.3-23.60:3.3.27-3.30:2.0.24-9.30:2.02-110:4.9.0beta-3.30:1.6-9.30:7-70:52.1-8.70:1.7.0.181-43.150:1.8.0.181-27.260:2.0.4-8.100:0.8.16-90:4.12.14-94.410:20180525-30:1.12.5-40.280:2.7-9.70:4.7.4-3.30:1.0.8-120:2.1.0-6.30:5.6.2-6.120:1.7.1-5.30:1.6.2-12.50:1.1.14-4.60:1.1.1-120:1.3.2-4.30:1.5.1-11.30:1.6.0-18.230:2.29.2-70:1.15.2-25.30:1.9.1-9.40:0.90-6.30:4.6.16+git.124.aee309c5c18-3.320:10.5-1.30:2.0.21-6.30:2.2.1-5.70:0.6.21-8.30:3.29.5-58.120:1.6.1-16.610:1.3.1-10.30:1.0.1-16.30:0.15.1b-184.30:1.28-5.30:1.16.1-20:1.13.4-34.70:1.900.14-195.80:2.20.3-2.230:1.5.3-31.70:62.2.0-31.70:8.1.2-31.70:6.2.0dev-22.30:2.4.41-18.400:1.1.29-3.30:2.6.4-6.60:2.4.2-17.40:0.8.9.0+git20170610.f6dd59a-15.40:0.3.13-7.90:10.0.35-10:5.9-580:0.9.9-3.70:2.1.0-4.90:1.0.2p-20:1.0.2p-10:0.9.8j-106.60:8.39-8.30:1.8.10-7.30:1.12-20.30:0.9.2-3.30:0.113-5.120:0.43.0-16.150:3.3.9-11.140:2.7.13-28.110:3.4.6-25.160:7.1.1-3.30:4.8.7-8.80:1.2.4-14.30:0.15.4-210:6.0.5.2-43.380:1.0.25-36.160:5.7.3-6.30:2.62.2-5.70:0.33-3.60:0.12.8-60:1.5.2-3.20:0.6.3-12.60:0.0.5-70:228-150.490:4.9-3.50:4.0.9-44.240:1.0.1-17.60:10.3.0-20:1.3.3-10.140:1.3.0-3.30:4.60.99-5.30:2.4.9-48.290:0.10.2-2.40:1.10-4.30:2.9.4-46.150:0.5.3-3.30:1.5.0-30:0.11.1-13.30:16.19.0-2.360:0.13.67-10.140:3.11.0-2.110:10.2.18-10:1.10.1-55.60:4.2.8p12-64.80:7.08-10:2.0.0-18.170:7.2p2-74.250:2.3.8-16.200:9.20.1-7.30:1.1.8-24.140:2.7.5-8.50:5.18.2-12.170:1.34-3.30:2.0019-6.30:3.22-269.30:3.8.5-15.90:16.0.0-4.60:2.11.1-6.280:2.7.0-20:2.11.2-40:1.0.0-40:1.11.0-40:8-40:2017+git1510945757.b2662641d5-20:4.11.2-16.160:3.1.0-13.130:8.24.0-3.160:0.12.21~rc-1001.30:1.4.8-17.30:4.2.1-27.190:0.22.0+git.20160103-15.60:0.16.0-8.50:5.1.3-26.50:1.8.20p2-3.70:3.0-95.180:1.27.1-15.30:4.9.2-14.50:5.2-11.60:3.2.5e-2.30:20180807a-13.350:2.3.6-7.90:6.00-33.80:1.14-21.70:2.2-15.30:20140630-6.30:4.11.0_08-10:4.15.0-10:2.3.15-8.80:1.19.6-20:3.2.48-3.290:3.3.1-10:3.2.17-10:5.0.5-6.70:1.13.45-21.230:1.4.2-50:4.0.22+git.1455008135.15c5e92-80:1.6.5-50:1.1.15-190:1.4.35-10:3.10-170:1.7.3-30:4.0.25+git.1485179354.eb43835-20:1.6.11-100:1.1.16-40:1.4.35-30:2.3.6-9.130:4.2.1+git.1537269352.7b1fd536-10:1.1.19+20180928.0d2680780-10:12-00:1.6.2-310:3.10-150:16.05.8.1-50:1.5.4-20:1.6.0_sr16.1-50:3.4.5-30:5.5.14-40:7.0.7-150:4.4.13-20:4.5.0-50:6.9.5-70:1.9.4-10:1.9.2-10:1.0.15-40:3.1-40:2.4.10-60:1.2.40-10:1.0.8-90:2.0.8-80:1.13.4-40:2.2.13-20:3.0.3-30:1.8.5.2-20:1.26.9-10:6-70:1.1.1-1200:1.7.0.6-330:1.5.3-10:2.7.1-40:7.4.0-130:2.1.17-10:2.1.2-80:2.1.2_k3.12.28_4-80:2.4-7240:2.3.18-350:2.6.7-20:0.99.22.1-30:3.3.13-10:1.4-230:5.00-10:2.5-10:7.0.55-20:2.4.16-50:1.2.40-50:1.0.8-130:2.0.8-110:3.0.3-100:1.8.5.6-110:1.26.10-40:0.8.0-110:1.7.1_sr3.10-140:1.8.0_sr1.10-20:1.3.10-40:2.7-10:2.4.41-18.30:2.1.2-4.50:2.1.2_k3.12.49_11-4.50:1.2.26-60:2.6.9-20:3.0.8-10:3.3.13-40:5.00-30:2.5-40:8.0.23-10:3.0.2-240:2.4.23-140:1.0.14-180:2.5.37-80:1.13.4-60:2.3-30:7.37.0-310:1.8.5.6-180:1.32.4-140:0.8.0-150:1.7.1_sr3.50-280:1.8.0_sr3.0-100:1.1.32-90:0.9.9-160:7.4.3-150:2.5.1-240:1.3.2-170:0.99.22.1-120:3.0.18-260:3.5.21-230:3.0-70:8.0.36-110:3.0.2-310:1.0.15-60:2.4.23-280:7.1.8-30:7.1.8_k4.4.73_5-30:2.2.30.2-140:3.0.14-10:2.12.3-260:1.32.4-190:0.8.0-180:1.1.1-2550:1.7.1_sr4.5-370:1.8.0_sr4.5-290:0.9.30-50:1.1.34-120:1.4.33-30:4.021-110:2.5-90:1.3.3-50:2.7.3-10:3.12-250:0.99.22.1-150:3.0.25-480:3.5.21-250:1.4-290:3.0-100:8.0.43-230:3.0.2-390:1.9.4-3.30:2.4.23-29.240:1.0.14-19.30:1.4-290.30:7.2.1-20:7.2.1_k4.12.14_94.41-20:2.2.31-19.110:17.11.4-30:17.11.4_k4.12.14_94.41-30:0.7.3-10:3.0.15-2.80:2.12.3-27.140:1.32.4-21.30:0.8.0-19.30:1.7.1_sr4.30-38.260:1.8.0_sr5.20-30.360:1.5.3-2.30:1.5.1-4.30:2.8.4-30:1.1.1-17.70:1.2.12-3.30:2.5.5-3.30:2.5.5-6.30:1.2.17-10:0.9.9-17.50:1.5.6-3.60:1.4.39-4.60:4.021-12.50:2.5-10.30:1.3.5-30:2.7.4-10:3.12-26.60:3.0.38-52.260:3.5.21-26.90:1.4-30.60:5.00-4.30:3.0-150:20170711_1.9.7-10:9.0.12-10:3.0.2-40.110:3.1.206-360:2.4.0-1670:2.12.6-30:2.5.3-40:1.0.1-50:3.8.3-2610:1.3.0-250:1.1.12-70:3.6.10-40:1.3.7-10:1.8.10-10:0.148.1-10:1.7.3-10:3.2.5c-20:2.5.5-10:1.1.13-100:1.8.10-150:1.0.20100204cvs-250:2.8.2-30:0.152.0-110:5.5.14-390:2.0.0.b5-30:0.7-50:1.0.9-10750:1.8.10-240:2.8.2-90:5.1.35-30:4.03.0-6.90:5.5.14-730:2.4.0-1680:1.8.12-10:1.10.9-30:0.24.1-60:0.24.4-14.30:2.8.2-140:0.158.0-140:5.5.14-1080:7.0.7-490:3.03.0-30:1.8.12-3.50:20171128-9.30:1.10.9-4.30:0.24.1-7.60:3.11.9-6.70:0.24.4-14.130:1.3.2dev-22.30:2013.20130620-22.30:2013.20130620.svn30088-22.30:2013.20130620.svn25623-22.30:2013.20130620.svn29741-22.30:2013.20130620.svn8329-22.30:2013.20130620.svn30845-22.30:2013.20130620.svn30613-22.30:2013.20130620.svn3006-22.30:2013.20130620.svn14050-22.30:2013.20130620.svn29053-22.30:2013.20130620.svn30313-22.30:2013.20130620.svn18674-22.30:2013.20130620.svn29688-22.30:2013.20130620.svn6898-22.30:1.8.19-25.30:2.8.2-15.130:5.1.42-5.40:2.10.09-4.50:0.7-9.30:4.03.0-8.60:0.162.1-15.60:5.5.14-109.410:7.0.7-50.520:0.8.7.3-7.30:1.7.12-3.30:4.3.5.2-100:4.3.3.2-60:1.7.5-50:3.12.38-440:3.12.39-470:3.12.32-330:3.12.43-52.60:1.12.1-160:3.12.44-52.100:2.7.3-40:3.12.36-380:3.12.44-52.180:3.12.48-52.270:1.12.1-90:1.1.3-40:0.2.10-40:0.0.2-40:1.1.2-40:0.12.1-30:0.9.4-40:1.3-40:0.23-40:3.12.51-52.310:1.12.1-220:1.3.8-2.30:0.9.26-3.30:3.12.60-52.490:3.12.60-52.540:5.1.3.2-220:3.12.51-52.340:3.12.51-52.390:1.12.1-250:3.12.55-52.420:1.5.3-170:1.12.1-280:1.5.4-200:1.6.1-230:210-70.480:3.12.55-52.450:3.12.51-60.200:1.3.8-40:0.9.26-40:3.12.59-60.410:3.12.59-60.450:3.12.51-60.250:3.12.62-60.620:1.12.1-360:4.02.3-6.60:6.1.6-100:210-1140:9.15-110:3.12.62-60.64.80:9.15-140:9.15-170:3.12.67-60.64.180:3.12.67-60.64.210:3.12.67-60.64.240:3.12.53-60.300:3.12.57-60.350:210-1040:3.12.69-60.64.290:3.12.69-60.64.320:2.8.7-270:3.12.69-60.64.350:15.2.1-80:1.16.10-12.60:9.15-200:3.12.74-60.64.400:4.4.21-840:4.4.21-900:4.4.59-92.240:228-1490:5.3.3.2-40.50:4.4.74-92.290:228-150.70:0.43.0-16.50:4.4.74-92.320:4.4.74-92.350:2.6.1-10.30:228-1320:4.4.74-92.380:1.12.5-40.130:4.4.90-92.450:1.12.5-40.160:2.8.7-28.30:4.4.90-92.500:4.4.103-92.530:4.4.49-92.110:4.4.49-92.140:4.4.59-92.170:4.4.38-930:4.4.59-92.200:4.4.103-92.560:228-150.290:9.15-23.70:4.4.114-92.640:5.4.5.1-40.240:228-150.320:1.7.5-20.30:4.4.103-92.590:4.4.120-92.700:1.12.5-40.230:228-150.90:4.4.82-6.30:5.3.5.2-43.50:4.4.82-6.60:4.4.92-6.180:4.4.92-6.300:4.4.103-6.330:4.4.138-94.390:4.4.103-6.380:4.4.140-94.420:1.7.5-20.140:4.4.143-94.470:4.4.155-94.500:4.4.156-94.570:2013.20130620.svn18336-22.30:4.4.162-94.690:228-150.530:4.4.114-94.110:9.26-23.160:1.7.5-20.200:5.4.5.1-43.190:0.9.34-3.30:4.4.120-94.170:4.03.0-8.30:4.4.126-94.220:1.1.3-24.60:6.0.3.2-43.300:4.4.103-94.60:6.0.4.2-43.330:9.15-23.100:4.4.131-94.290:1.12.5-40.310:4.4.178-94.910:228-150.660:1.1.3-24.90:228-150.580:9.26a-23.190:6.2.3.2-43.490:4.4.180-94.970:2.8-22.80:2.48.2-12.120:0.6.32-32.30:4.4.180-94.1000:0.9.2-3.60:228-150.630:4.4.175-94.790:9.26a-23.220:4.4.176-94.880:4.12.14-95.30:10.2.21-3.70:4.12.14-95.160:4.12.14-95.190:2.48.2-12.150:0.9.2-3.90:4.12.14-95.240:4.12.14-95.60:15.2.1-9.50:4.12.14-95.290:10.2.25-3.190:9.26a-23.250:6.2.7.1-43.560:4.12.14-95.320:15.2.1-9.80:9.27-23.280:4.12.14-95.130:1.3.0-220:3.2.15-40:11.2.202.425-190:12.5-220:4.2.6p5-310:2.3.2-110:1.8.12-60:4.5.1-40:0.6.3-40:11.2.202.411-40:1.7.0.71-60:8.4.0-50:11.2.202.418-110:31.3.0esr-150:31.0-90:3.17.2-120:2.7.7-90:0.9.8j-660:1.0.1i-90:11.2.202.424-150:5.19-50:4.4.3_06-22.150:4.4.3_06_k3.12.48_52.27-22.150:38.5.0esr-540:9.9.6P1-28.60:0.9.8j-870:7.6_1.15.2-210:3.2.1-30:2.02~beta2-56.90:11.2.202.559-1170:31.5.0esr-240:2.5.3-50:9.3.6-50:6.00-280:11.2.202.451-770:1.7.0.75-110:2.19-200:1.0.1i-200:0.9.8j-730:4.4.1_10-90:4.4.1_10_k3.12.36_38-90:31.5.3esr-270:1.10.13-80:0.11.1-60:4.4.2_02-150:4.4.2_02_k3.12.38_44-150:31.6.0esr-300:11.2.202.457-800:3.2.15-70:10.0.16-150:1.7.0.79-150:1.0.58-50:3.10.0.1-160:7.6_1.15.2-170:11.2.202.429-230:4.2.6p5-440:11.2.202.460-830:0.12.4-60:2.0.2-460:1.0.0-460:1.7.4-460:8-460:4.4.2_04-180:4.4.2_04_k3.12.39_47-180:1.3.2-100:1.4.1-320:31.7.0esr-340:2.71-40:1.4.0-230:31.4.0esr-200:3.17.3-160:4.4.2_06-210:4.4.2_06_k3.12.39_47-210:11.2.202.466-860:1.10.14-120:2.4.39-160:7.6_1.15.2-280:11.2.202.468-890:1.0.1i-250:0.9.8j-780:7.37.0-50:1.6.1-130:9.9.6P1-180:11.2.202.481-930:11.2.202.491-960:9.3.8-80:31.8.0esr-370:3.19.2_CKBI_1.98-210:4.10.8-30:10.0.20-180:4.4.2_08-22.50:4.4.2_08_k3.12.43_52.6-22.50:9.9.6P1-230:1.7.0.85-180:9.9.5P1-80:2.7.9-140:3.10.4-50:11.2.202.508-990:31.8.0esr-400:4.4.2_10-22.80:4.4.2_10_k3.12.44_52.10-22.80:5.3.1-4.40:0.1.6-40:1.0.1i-27.30:11.2.202.438-270:11.2.202.440-310:2.24-70:38.2.1esr-450:31.0-140:3.19.2.0-260:9.9.6P1-260:0.98.5-60:1.900.1-1660:2.0.2-48.40:1.0.0-48.40:1.7.4-48.40:8-48.40:1.0.1i-170:5.7.2.1-4.30:11.2.202.442-670:11.2.202.521-1020:1.2.5-210:38.3.0esr-480:4.10.9-60:0.2.1_rc4-13.30:2.25-100:0.12.4-8.50:11.2.202.535-1050:4.2.6p5-370:11.2.202.540-1080:5.1.3-90:2.0.2-48.90:1.0.0-48.90:1.7.4-48.90:8-48.90:9.3.10-110:0.98.6-100:2.19-22.70:0.9.8j-700:4.4.3_02-22.120:4.4.3_02_k3.12.48_52.27-22.120:1.1.3-70:0.5.0-50:1.3.1-30:2.8.8-90:0.1.1-50:0.1.2-40:0.1.3-30:0.1.1-40:0.0.1-20:0.9.1-30:0.5.7-30:0.1.2-50:0.3.6-30:0.1.4-30:0.7.1-30:0.0.2-20:1-20:4.1-60:0.1.3-40:3.7.1-30:0.4.1-30:1.18-30:20150827-50:4.4.1_08-50:4.4.1_08_k3.12.28_4-50:31.0-170:1.10.12-40:1.2.50-100:1.3.0-180:037-51.170:2.0.2-420:1.0.0-420:1.7.4-420:8-420:1.4.8-5.30:4.1.12-160:2.30.6-70:0.4-60:1.0.1i-27.60:11.2.202.554-1140:1.4.0-190:1.1.24-4.30:4.1.12-18.30:2.1.5-3.40:4.2.6-14.60:45.2.0esr-750:45.0-280:2.19-22.160:1.54.0-150:0.5.1-80:1.3.2-180:2.8.8-120:1_3335ac1-20:0.1.6-60:0.11.0-60:0.1.5-70:0.4.2-60:20160511-110:4.0.6-190:2.0.2-48.120:1.0.0-48.120:1.7.4-48.120:8-48.120:3.1.0-60:2.9.1-170:9.9.6P1-28.90:5.0.5-70:2.4.41-18.130:2.30.6-100:1.7.0.95-240:1.2.5-27.100:38.6.0esr-570:31.0-200:3.20.2-370:7.37.0-180:11.2.202.569-1200:2.19-22.130:9.3.11-140:4.2.6-14.30:9.4.6-70:38.6.1esr-600:1.0.1i-27.130:0.9.8j-940:2.9.1-130:11.2.202.577-1230:1.4.3-160:38.7.0esr-630:3.20.2-400:4.12-120:9.9.6P1-28.120:4.1.12-18.80:4.0.0-80:1.7.0.99-270:11.2.202.616-1260:3.4.0.2-150:4.2.1-110:4.2.4-18.170:3.1.1-70:1.6.1-16.270:1.12.16-130:2.9.1-200:1.0.1i-27.160:1.7.0.101-300:4.2.8p6-46.50:3.1.12.4-80:38.8.0esr-660:6.8.8.1-190:0.9.8j-970:1.12.9-220:11.2.202.621-1300:4.4.4_02-22.190:4.4.4_02_k3.12.55_52.42-22.190:1.12.11-250:6.6p1-420:6.6p1-330:10.0.22-20.30:3.0-820:2.9.1-240:2.0.2-48.190:1.0.0-48.190:1.7.4-48.190:8-48.190:0.12.4-8.90:4.2.8p8-46.80:6.8.8.1-250:3.1.2-120:11.2.202.626-1330:10.0.25-20.60:2007e_suse-190:1.1.5-60:3.19.2.2-320:9.9.6P1-320:2.02~beta2-730:1.0.1i-360:1.1.24-40:4.2.4-60:2.1.5-40:4.5.2_02-40:4.5.2_02_k3.12.49_11-40:2.3.1-140:1.8.1-140:8-140:2.19-380:6.8.8.1-300:11.2.202.632-1370:9.9.6P1-350:2.8.10-70:1.2.18.4-110:4.5.3_08-170:4.5.3_08_k3.12.59_60.45-170:45.3.0esr-780:3.1.0-90:2.25.35.1-30:2.11.0-60:10.0.26-90:6.6p1-520:11.2.202.635-1400:1.0.1i-520:4.5.3_10-200:4.5.3_10_k3.12.62_60.62-200:4.0.6-310:1.0.2-90:1.6.2-60:5.0.1-50:1.7.4-120:0.9.8-50:1.2.2-50:1.0.10-50:1.0.8-50:11.2.202.637-1430:2.24.24-30:0.8.15-290:1.8.22-220:1.11.5.1-280:2.3.1-210:1.0.0-210:1.8.1-210:8-210:2.9.1-26.30:3.4.5-170:11.2.202.643-1460:6.8.8.1-400:9.9.9P1-490:1.8.0.72-30:2.25-370:1.900.14-1810:11.2.202.644-1490:3.10.2-2.30:4.2-820:6.2-820:1.8.0.111-170:1.27.1-110:1.8.10p3-2.60:10.0.28-170:7.4.326-70:6.8.8.1-470:1.7.0.121-360:2007e_suse-220:8.39-50:2.3.1-240:1.0.0-240:1.8.1-240:8-240:45.5.0esr-880:3.21.3-500:45.5.1esr-930:4.5.5_02-22.30:4.5.5_02_k3.12.67_60.64.18-22.30:24.0.0.186-1520:10.0.22-30:4.2.8p9-550:4.5.5_04-22.60:4.5.5_04_k3.12.67_60.64.24-22.60:45.6.0esr-960:6.8.8.1-540:1.14-170:2.71-130:4.2.4-28.30:1.2.4-2.30:1.2.4-3.40:4.0.7-350:2.3.1-70:1.8.1-70:2.19-350:4.3.3-40:1.0.1i-440:9.9.6P1-380:4.2.4-110:4.5.2_06-70:4.5.2_06_k3.12.53_60.30-70:1.2.18.2-80:1.8.0.77-60:4.2.4-160:3.1.41.3-90:4.2.8p6-80:3.1.22-60:1.0.1i-470:1.8.0.91-110:4.2.8p7-110:2.8.1-6.90:0.12.5-40:10.0.25-60:0.10.31-13.30:0.10.36-11.30:0.10.23-19.30:0.10.23-19.60:1.8.0.121-200:3.2.15-160:2.11-320:0.12.5-70:10.0.29-220:45.7.0esr-990:4.0.7-400:1.0.1i-54.50:1.7.0.131-390:24.0.0.221-1580:1.900.14-1840:6.8.8.1-590:2.25-400:4.5.5_06-22.110:4.5.5_06_k3.12.69_60.64.32-22.110:1.2.8-6.30:9.9.9P1-560:6.6p1-54.70:037-910:1.8.22-24.80:0.2.0-10.30:10.1.0-5.30:25.0.0.127-1620:45.8.0esr-1020:4.2.4-28.80:24.0.0.194-1550:9.9.9P1-530:25.0.0.148-1650:9.9.9P1-590:0.10.36-11.60:1.2.4-2.90:1.2.4-2.60:1.0.25-280:4.2.8p10-600:2.1.9-150:1.4.3-240:1.8.1-90:4.5.5_10-22.140:4.5.5_10_k3.12.69_60.64.35-22.140:2.8.2-540:25.0.0.171-1680:2.3.1-320:1.0.0-320:1.8.1-320:8-320:45.9.0esr-1050:1.8.0.121-230:0.2.3-13.30:10.0.30-250:0.2.1_rc4-17.30:2.9.1-26.120:1.8-10.90:4.2.4-28.140:2.2.6-440:1.8.10p3-2.110:1.6.2-80:1.7.4-140:3.4.5-190:2.6.2-310:1.0.0-310:1.9.1-310:8-310:1.8.10p3-80:2.28-420:4.7.1_02-250:4.7.1_04-280:4.4.2-310:1.8.3-140:1.8.10p3-10.100:52-310:2.9.4-420:9.4.12-200:4.7.2_06-420:2.6.2-41.160:1.0.0-41.160:1.9.1-41.160:8-41.160:1.8.10p3-10.130:1.2.4-130:1.6.1-16.420:1.9.1-80:5.9-440:0.12.1-120:0.3.11-90:0.0.3-20:20170511-150:3.2.15-18.30:1.0.8-100:0.12.7-10.30:7.6_1.18.3-740:1.1.1-100:3.20.1-6.140:044.1-109.80:1.900.14-195.30:0.24.4-14.60:0.10.36-140:10.0.31-29.30:2.2.8-48.60:16.15.2-27.210:1.13.30-18.130:5.9-500:0.10.23-220:3.8.5-15.30:2.40.18-5.30:2.54.1-5.30:2.1.0-4.30:2.9.4-46.30:7.37.0-37.30:1.8.0.144-27.50:6.8.8.1-71.50:3.20.4-77.70:7.2p2-660:0.15.4-90:52.1-8.30:4.7.3_03-43.90:9.4.13-21.50:9.6.4-3.60:2.34.0-19.50:3.20.1-6.160:1.8.22-24.20:4.7.3_04-43.120:4.8.5-31.30:2.2.9-48.90:4.0.8-44.30:2.6.4-6.30:52.3.0esr-109.30:2.1.0-4.60:4.4.2-38.110:52.4.0esr-109.60:3.29.5-58.30:2.0.0-27.200:2.8.1-268.60:7.37.0-37.80:2.2.10-48.120:4.7.3_06-43.150:1.14-21.30:3.6.312-2.130:2.18.0-2.90:2.6.2-41.220:1.0.0-41.220:1.9.1-41.220:8-41.220:6.8.8.1-71.120:4.2.1-27.30:4.2.4-28.210:1.8.0.151-27.80:10.2.4+git.1481215985.12b091b-160:5.22-10.30:7.6_1.18.3-76.150:4.2.4-28.240:5.18.2-12.30:20170530-21.130:4.4.2-38.140:2.9.4-330:1.0.2j-60.160:2.29.1-9.200:4.7.4_02-43.210:52.5.0esr-109.90:0.12.7-80:1.1.14-4.30:7.2p2-74.110:1.0.2j-60.200:6.8.8.1-71.170:0.15.4-160:9.6.6-3.100:3.20.2-6.190:2.2.11-48.150:2.34.0-19.80:2.28-44.30:4.7.1_06-310:1.6.0-160:2.6.2-41.90:1.0.0-41.90:1.9.1-41.90:8-41.90:10.1.0-80:4.4.2-360:044-1080:4.7.2_02-360:4.7.2_04-390:2.6.2-390:1.0.0-390:1.9.1-390:8-390:4.4.2-38.60:1.8.10p3-10.50:2.9.4-360:2.9.4-390:5.6.1-17.30:5.6.1-13.30:2.3.8-16.140:2.1.0-24.30:3.1.0-13.100:2.2.12-48.180:6.8.8.1-71.200:7.37.0-37.140:1.3.3-10.30:2.18.5-2.180:0.99.3-33.50:2.1.0-24.60:9.9.9P1-63.70:6.8.8.1-71.330:1.0.25-36.70:52.6.0esr-109.130:2.6.2-41.310:1.0.0-41.310:1.9.1-41.310:8-41.310:10.0.33-29.130:2.0.0-27.290:2.9.4-46.120:2.22-62.60:4.7.4_06-43.240:9.6.7-3.130:4.8.30-290:4.3.3-10.110:0.13.67-10.50:6.8.8.1-71.420:6.8.8.1-71.230:1.2.0-12.30:2.22-62.100:4.2.1-27.60:1.7.0.171-43.120:1.8.0.161-27.130:9.4.16-21.160:20170530-21.190:10.0.34-29.160:20180312-13.170:9.6.8-3.160:7.37.0-37.170:1.3.3-10.60:0.99.4-33.90:2.2.13-48.210:2.22-62.30:2.6.2-41.370:1.0.0-41.370:1.9.1-41.370:8-41.370:4.4.2-38.170:52.7.3esr-109.250:6.8.8.1-71.470:2.0.0-27.340:4.0.9-44.70:9.4.17-21.190:1.7.0.161-43.70:4.7.5_02-43.270:1.0.2j-60.240:9.4.15-21.130:10.0.32-29.100:2.0.0-18.20:20170530-21.160:3.1.0-13.70:5.9-550:7.37.0-37.110:6.8.8.1-71.260:4.6.7+git.38.90b2cdb4f22-3.70:16.15.3-2.30:3.2.4-2.30:0.12.1-13.20:0.3.11-7.50:0.12.1-10.50:0.0.3-40:0.0.1-40:20170511-16.20:4.9.0_11-3.90:16.15.6-2.80:1.13.32-21.30:2.9.0-6.30:1.0.0-6.30:1.10.2-6.30:8-6.30:4.9.0_12-3.150:0.12.8-30:3.3.0-5.30:4.6.7+git.51.327af8d0a11-3.120:4.9.0_14-3.180:3.3.0-5.80:2.9.1-6.60:1.0.0-6.60:1.10.2-6.60:8-6.60:3.6.312.333-3.100:4.9.1_02-3.210:4.6.9+git.59.c2cff9cea4c-3.170:0.13.67-10.110:2.22-62.130:20170530-21.220:20180425-13.200:4.6.14+git.150.1540e575faf-3.240:1.8.0.171-27.190:9.6.9-3.190:4.2.8p11-64.50:10.0.35-29.200:52.8.1esr-109.340:4.0.9-44.150:3.3.9-11.110:6.8.8.1-71.650:1.0.2j-60.300:4.8.7+2.3.4-4.50:2.0.3-17.20:4.8.7-8.60:0.2.0-11.20:20180703-13.250:2.34.0-19.110:5.18.2-12.140:4.2.1-27.90:7.2p2-74.190:8.24.0-3.30:2.7.13-28.60:3.20.3-23.30:4.9.2_08-3.350:2.29.2-3.80:1.0.25-36.130:1.6.1-16.550:1.10.1-55.30:2.34.0-19.140:0.41.rc1-10.30:0.113-5.90:1.0.1-17.30:12.2.7+git.1531910353.c0ef85b854-2.120:1.0.8-8.40:3.3.0-5.220:4.6.14+git.157.c2d53c2b191-3.290:0.100.1-33.150:20180807-13.290:2.29.2-3.120:4.9.2_10-3.410:1.6.1-16.620:0.41.rc1-10.90:7.37.0-37.260:2.0.0-18.150:6.8.8.1-71.740:16.17.20-2.330:1.13.45-21.210:4.0.9-44.210:3.3.0-5.130:1.0.2j-60.390:6.8.8.1-71.790:6.8.8.1-71.820:0.6.8-7.50:1.900.14-195.50:9.6.10-3.220:4.9.3_03-3.440:2.9.1-6.190:1.0.0-6.190:1.10.2-6.190:8-6.190:2.7.13-28.160:0.3.6-11.30:2013.1.13-5.30:2.4.10-48.320:60.2.2esr-109.460:60-32.30:3.36.4-58.150:4.19-19.30:7.37.0-37.310:1.7.1-5.60:0.13.0-3.30:3.1.2-26.30:60.3.0-109.500:10.6-1.60:0.10.2-2.70:1.0.2j-60.460:4.11.2-16.210:0.23-12.50:4.0.9-44.270:7.2p2-74.300:5.9-610:6.8.8.1-71.930:1.3.1-7.130:16.0.0-4.110:18.0.1-4.80:0.9.8j-106.90:4.9.3_03-3.470:0.2.7-12.40:2.9.1-6.220:1.0.0+-6.220:1.10.2-6.220:8-6.220:4.9.2-14.80:2.4.41-18.430:5.6.2-6.150:5.13-5.70:4.0.9-44.300:4.9.1_08-3.260:3.1.0-3.30:60.4.0esr-109.550:3.40.1-58.180:4.20-19.60:2.4.11-48.350:4.9.33-4.110:4.9.33_k4.4.114_94.11-4.110:4.6.13+git.72.2a684235f41-3.210:2.1.10-3.30:2.9.1-6.120:1.0.0-6.120:1.10.2-6.120:8-6.120:0.33-3.30:3.3.0-5.190:1.4.1-5.80:0.13.67-10.80:3.4.6-25.70:4.2.8p11-64.30:2.2.14-48.240:5.18.2-12.110:1.54.0-26.30:3.20.1-10.60:0.1.0-6.60:0.13.0-13.60:0.13.4-10.90:0.0.1-1.30:0.4.7-10.70:20180403-16.90:6.8.8.1-71.540:4.0.9-44.100:4.9.2_04-3.290:2.9.1-6.90:1.0.0-6.90:1.10.2-6.90:8-6.90:1.3.3-10.110:7.37.0-37.230:52.8.0esr-109.310:2.9.1-6.160:1.0.0-6.160:1.10.2-6.160:8-6.160:2.7.13-28.30:4.3-83.100:6.3-83.100:12.2.5+git.1524775272.5e7ea8cf03-2.70:4.9.2_06-3.320:2013.1.13-5.60:2.24.0-2.380:6.8.8.1-71.1080:4.6.16+git.154.2998451b912-3.400:2.4.14-48.450:3.3.0-5.300:1.4.3-20.60:2.6-15.100:0.7.0-160.80:1.5.3-31.140:62.2.0-31.140:8.1.2-31.140:3.0-95.210:1.0.2j-60.520:2.24.1-2.410:2.8.1-8.30:3.8.10.2-9.60:1.8.0.212-27.320:1.1.28-17.30:20190507-13.410:2.9.1-6.340:1.0.0+-6.340:1.10.2-6.340:8-6.340:4.9.4_04-3.530:0.15.4-300:20190514-13.440:7.2p2-74.350:12.0.2-10.180:5.13-5.120:2.0.0~git.1463131968.4e66df7-12.80:4.0.4-23.30:7.37.0-37.400:4.9-3.100:2.4.12-48.390:60.7.0-109.720:3.20.4-77.230:3.22.6-19.90:1.7.0.221-43.220:9.9.9P1-63.120:2.7.13-28.260:0.2.7-12.60:0.14.1-13.90:0.14.1-10.120:0.4.10-10.130:20190423-16.180:7.4.326-17.30:2.22.5-2.320:0.6.11-12.30:1.13.4-34.370:10.8-1.90:7.2p2-74.420:3.3.0-5.330:1.8.6-3.30:1.8.3-13.30:3.8.10.2-9.90:0.10.36-18.30:1.4.3-20.90:0.9.8j-106.120:2.4.15-48.480:10.66.3-8.70:60.7.2-109.800:9.6.13-3.250:6.8.8.1-71.1230:2.78-18.60:0.158-7.70:0.113-5.150:0.15.4-270:8.24.0-3.190:0.12.8-120:3.4.6-25.210:7.37.0-37.340:1.1-11.30:60.5.0esr-109.580:60-32.50:3.41.1-58.250:1.8.0-5.80:3.3.9-11.180:20170530-21.280:2.7.13-28.210:1.7.0.201-43.180:12.2.10+git.1549630712.bb089269ea-2.270:2.22.6-2.350:1.8.0.191-27.290:2.9.1-6.280:1.0.0+-6.280:1.10.2-6.280:8-6.280:2.22.4-2.290:4.7.4-3.60:1.4.3-20.30:2.4.11-21.80:2.4.13-48.420:20190312-13.380:2.1.0-24.120:0.5.3.git20161120-161.30:4.2.8p13-850:1.0.2j-60.490:0.8.2-1.30:1.13.4-34.310:1.13.4-34.230:4.3-83.230:6.3-83.230:5.22-10.120:60.6.1esr-109.630:0.100.3-33.210:1.2.15-15.110:3.8.10.2-9.30:4.9.4_02-3.500:1.14-21.100:2.9.1-6.310:1.0.0+-6.310:1.10.2-6.310:8-6.310:1.7.1-5.110:3.4.6-25.240:7.37.0-37.370:1.1.1-2.30:1.0.2p-3.30:2.11.2-5.50:1.0.0+-5.50:1.11.0-5.50:8-5.50:2017+git1510945757.b2662641d5-3.50:10.0.37-2.30:2.22-100.80:1.1.1b-2.120:2017+git1510945757.b2662641d5-3.160:2.11.2-5.130:1.0.0+-5.130:1.11.0-5.130:8-5.130:4.11.1_06-2.110:4.0.0-8.120:1.16.1-4.120:4.0.0-8.150:2.22-100.150:1.1.6-3.50:10.9-1.120:4.0.4-15.30:20190618-5.80:2.1.0-21.60:0.9.0~git.1456906198.f422461-21.90:2.24.2-2.440:60.8.0-109.830:3.44.1-58.280:1.1.28-17.60:2.9.4-46.200:20190618-13.470:1.0.6-30.50:3.4.2-44.30:2.1.0-6.100:0.6.36-2.160:16.20.0-2.390:1.13.51-21.260:4.2-59.100:1.4.11-59.100:7.60.0-4.60:6.8.8.1-71.1260:1.0.6-30.80:2.1.0-6.130:1.7.0.231-43.270:0.113-5.180:1.8.0.222-27.350:3.4.6-25.290:3.20.2-6.270:4.9.2-14.110:2.7.13-28.310:2.4.16-48.510:10.0.38-2.60:2.1.0-4.120:1.0.12-13.120:5.18.2-12.200:0.6.36-2.27.190:16.20.2-27.600:1.13.54-18.400:10.10-1.150:3.1.2-2.60:2.24.4-2.470:2.11.2-5.180:1.0.0+-5.180:1.11.0-5.180:8-5.180:12.2.12+git.1568024032.02236657ca-2.390:7.60.0-4.90:1.5.13-15.110:2.4.41-18.630:60.9.0-109.860:2.1.0-21.90:3.5.25.3-5.30:4.11.1_02-2.30:7.60.0-4.30:2.11.2-5.80:1.0.0+-5.80:1.11.0-5.80:8-5.80:1.1.1-2.60:1.16.1-4.30:2.8.1-10.30:1.0.2p-3.60:2017+git1510945757.b2662641d5-3.80:2017+git1510945757.b2662641d5-3.130:1.1.1-2.90:4.11.1_04-2.60:4.0.0-8.912.50:1.0.0-90:1.5.4-2.40:4.2.4-18.300:4.2.4-18.440:4.2.4-18.350:1.0-22.50:1.4-26.40:1.4_k3.12.61_52.133-26.40:4.0.2_k3.12.61_52.133-22.50:8.4.4.7-9.110:8.4.4.7_k3.12.61_52.133-9.110:3.1.6_k3.12.61_52.133-22.50:1.8.2_k3.12.61_52.133-22.50:4.2.4-18.490:4.2.4-18.520:1.0.1+git.1456406635.49e230d-120:1.1.13-200:1.0-35.30:1.4-27.20:1.4_k3.12.74_60.64.93-27.20:4.0.2_k3.12.74_60.64.93-35.30:8.4.6-7.20:8.4.6_k3.12.74_60.64.93-7.20:3.1.6_k3.12.74_60.64.93-35.30:1.8.2_k3.12.74_60.64.93-35.30:4.2.4-28.290:4.2.4-28.320:1.1.15-210:1.0.0+git.1448981395.15fb8b9-4.30:4.4.2-38.200:4.4.121-92.920:4.4.121-92.950:2.3.5-6.230:4.4.121-92.800:4.4.2-38.250:4.4.121-92.1090:4.4.121-92.1140:4.4.121-92.1170:4.4.121-92.1200:4.4.121-92.1010:4.4.121-92.1040:4.0.1+git.1495055229.643177f1-2.40:9.0.8+git.c8bc3670-3.50:9.0.8+git.c8bc3670_k4.4.131_94.29-3.50:1.1.16-6.140:1.0.3+20171226.6d62b64-4.30:4.4.180-94.1030:1.1.19+20181105.ccd6b5b10-3.100:4.4.0+git.1558595666.5f79f9e9-3.50:1.1.19+20181105.ccd6b5b10-3.130:2-30:2-70:2-100:2-60:1-40:5-140:6-170:2-90:7-200:3-50:1-60:8-230:2-50:3-80:4-110:1-30:7-210:7-30:6-30:4-30:3-30:8-18.70:9-18.100:10-40:9-40:5-40:6-40:10-18.130:4-40:3-40:1.0-23.90:2-2.30:1-4.30:1-4.50:12-20:1-4.70:1-4.90:1-70:1-6.30:5-2.130:1-6.50:6-2.160:3-2.70:4-2.100:1-6.70:2016.11.4-46.70:2016.11.4-46.100:2016.11.4-450:2018.3.0-46.280:2018.3.0-46.440:4.8.1-32.30:2.8-19.170:5.0.18-60:1.1.7-70:1.8.3-490:1.4.5-80:1.1.2-201607270:1.0.5-201607270:0.2.4+gitr565_0366d7e-90:1.12.3-810:1.31.0-110:0.52.0-90:0.1.1+gitr2816_02f8fa7-90:1.0.4-201603081706330:1.1.1-201603041041230:1.1.1-201603070826320:2.0.3-20:1.10.3-660:2.2.0-20.30:1.1.4-201710020:1.0.7-201710020:0.2.5+gitr569_2a5e70c-150:1.12.6-870:0.1.1+gitr2819_50a19c6-150:5.0.18-12.90:1.0.2-201808210:5.0.18-12.50:0.2.9+gitr706_06b9cb351610-16.80:17.09.1_ce-98.80:0.7.0.1+gitr2066_7b2b1feb1de4-100:1.0.0rc4+gitr3338_3f2f8b84a77f-1.30:2.6.2-13.60:1.2.5-16.170:18.09.6_ce-98.370:0.7.0.1+gitr2726_872f0a83c98a-190:1.0.0rc6+gitr3804_2b18fe1d885e-1.230:2.0.2-220:18.09.6_ce-98.400:1.2.6-16.230:19.03.1_ce-98.460:0.7.0.1+gitr2800_fc5a7d91d54c-250:1.0.0rc8+gitr3826_425e105d5a03-1.290:1.0.0rc5+gitr3562_69663f0bd4b6-1.90:1.2.2-16.140:18.09.1_ce-98.340:0.7.0.1+gitr2711_2cfbf9b1f981-160:1.0.0rc6+gitr3748_96ec2177ae84-1.170:17.02.9-6.100:16.05.8.1-60:2.33-7.50:17.02.11-6.190:17.02.10-6.160:1.13.3-4.90:1.6.0_sr16.2-80:1.5.4-50:1.5.4-90:2.3.37-160:1.6.0_sr16.4-150:1.6.0_sr16.7-220:1.6.0_sr16.3-120:1.6.0_sr16.15-270:2.3.37-18.130:1.6.0_sr16.30-400:1.6.0_sr16.35-430:1.6.0_sr16.20-300:1.6.0_sr16.25-340:1.6.0_sr16.26-370:1.5.0-0.60:1.6.0_sr16.50-50.30:1.6.0_sr16.41-460:1.6.0_sr16.45-490:2.3.37-18.24.90:2.4.41-18.24.90:3.12.60-52.570:3.12.60-52.600:3.12.60-52.630:3.1.4-110:3.12.74-60.64.480:3.12.61-52.800:3.12.74-60.64.510:3.12.61-52.830:0.9.11-30:3.12.61-52.860:3.12.74-60.64.540:1.15.2-2.60:3.12.74-60.64.600:3.12.61-52.920:3.12.74-60.64.630:3.12.61-52.1010:3.12.74-60.64.660:3.12.61-52.1060:1.4.2-3.30:3.12.61-52.660:3.12.61-52.690:3.12.61-52.720:3.12.61-52.770:3.12.74-60.64.450:3.12.74-60.64.960:3.12.61-52.1360:1.15.2-2.90:0.18.5-4.30:3.12.61-52.1410:3.12.74-60.64.990:1.18.5-2.120:0.11-3.20:3.0.37-52.230:3.12.74-60.64.1040:3.12.74-60.64.1070:3.12.61-52.1460:3.12.74-60.64.690:3.12.61-52.1190:3.12.74-60.64.820:3.12.61-52.1250:3.12.74-60.64.850:3.12.61-52.1110:3.12.61-52.1280:3.12.74-60.64.880:3.12.74-60.64.930:3.12.61-52.1330:3.12.61-52.1490:3.12.74-60.64.1100:1.22-3.100:3.12.74-60.64.1150:3.12.61-52.1540:3.12.74-60.64.1180:3.12.74-60.64.1210:1.22-3.140:5.5.14-70:5.5.14-150:5.5.14-220:5.5.14-300:5.5.14-330:5.5.14-360:5.5.14-110:5.5.14-680:4.6.0-80:5.5.14-780:7.0.7-200:5.5.14-830:4.6.1-110:7.0.7-250:5.5.14-420:5.5.14-860:5.5.14-530:5.5.14-560:5.5.14-590:5.5.14-640:1.0-20:4.8.4-15.50:6.11.1-11.50:7.0.7-50.90:5.5.14-109.50:7.0.7-50.180:5.5.14-109.80:7.0.7-50.230:5.5.14-109.130:5.5.14-890:7.0.7-350:5.5.14-960:5.5.14-990:4.7.3-140:7.0.7-380:7.0.7-280:7.0.7-50.410:6.14.3-11.150:5.5.14-109.170:7.0.7-50.440:7.0.7-50.490:4.9.1-15.140:5.5.14-109.380:6.14.4-11.180:4.8.7-15.80:6.12.2-11.80:7.0.7-50.260:7.0.7-50.560:5.5.14-109.450:5.5.14-109.200:7.0.7-50.320:5.5.14-109.240:4.9.1-15.110:7.0.7-50.380:6.14.1-11.120:5.5.14-109.270:7.0.7-50.700:4.9.1-15.170:5.5.14-109.580:7.2.5-1.170:7.0.7-50.750:7.2.5-1.200:7.0.7-50.800:5.5.14-109.630:4.9.1-15.230:6.17.0-11.270:7.0.7-50.850:7.2.5-1.230:7.0.7-50.630:6.16.0-11.210:5.5.14-109.480:4.9.1-15.200:6.17.0-11.240:5.5.14-109.510:7.2.5-1.100:2.0.0-27.420:4.7.5_04-43.330:1.8.0_sr5.15-30.330:1.7.1_sr4.25-38.230:4.4.121-92.850:1-3.50:4.7.6_02-43.360:1-3.70:2.7.1-9.40:2.7.1_k4.4.121_92.92-9.40:4.7.6_04-43.390:2.0.0-27.450:16.17.20-27.520:1.13.45-18.330:3.2.15-18.60:3.0.14-17.30:2.6.2-41.430:1.0.0-41.430:1.9.1-41.430:8-41.430:1.0.58-15.20:10-17.200:1-3.40:2.7.1-9.60:2.7.1_k4.4.121_92.95-9.60:4.7.6_05-43.420:2.4.23-29.270:1.0.14-19.60:9.4.19-21.220:1.7.1_sr4.35-38.290:1.8.0_sr5.25-30.390:2.12.3-27.170:5.6.1-17.60:2.6.2-41.460:1.0.0-41.460:1.9.1-41.460:8-41.460:2.1.17-3.30:4.4.121-92.730:4.7.5_02-43.300:2.6.2-41.400:1.0.0-41.400:1.9.1-41.400:8-41.400:3.0.3-17.120:1.0.1-19.50:1.1.1-122.30:2.6.2-41.520:1.0.0-41.520:1.9.1-41.520:8-41.520:1.7.1_sr4.45-38.370:4.7.6_06-43.510:2.0.0-27.540:1.8.22-24.190:1.8.0_sr5.35-30.500:2.22-62.220:4.7.6_05-43.450:10.0.38-29.270:3.5.21-26.170:2.0.0-27.610:2.6.2-41.550:1.0.0-41.550:1.9.1-41.550:8-41.550:9.4.24-21.250:9.6.15-3.290:0.12.7-10.60:1.7.1_sr4.50-38.410:7.37.0-37.430:1.8.0_sr5.40-30.540:1.0.2j-60.550:2.2.31-19.170:0.9.9-17.110:2.28-44.180:2.6.2-41.490:1.0.0-41.490:1.9.1-41.490:8-41.490:2.0.0-27.480:0.9.9-17.80:1.7.1_sr4.40-38.340:1.8.0_sr5.30-30.460:2.4.23-29.400:2.2.31-19.140:4.7.6_06-43.480:2.2.13-40:8.0.36-170:3.0.3-17.40:2.4.23-29.30:3.0.3-17.90:1.1.1-17.30:2.12.3-27.50:2.4.23-29.60:1.0.4-3.30:2.12.3-27.90:2.5-60:8.0.43-29.50:3.0.3-140:2.4.23-210:2.2-30:2.2.29.1-110:2.4.23-160:1.5.6-3.30:2.4.23-29.130:2.5.1-25.120:2.2.31-19.50:3.5.21-26.60:7.1.5-15.30:7.1.5_k4.4.114_92.67-15.30:8.0.50-29.80:1.4.39-4.30:3.12.58-140:3.12.61-60.180:3.12.67-60.270:3.12.69-60.300:4.4.74-7.100:4.4.88-180:4.4.95-210:4.4.104-240:4.4.114-270:7.1.5_k4.4.21_6-15.30:4.4.138-3.140:4.4.139-3.170:4.4.147-3.200:4.4.155-3.230:4.4.162-3.260:4.4.162-3.290:4.4.120-3.80:4.4.128-3.110:4.4.170-3.320:4.4.172-3.350:4.12.14-8.30:10.0.26-20.100:2.4.10-14.170:2.25.16.1-30:1.0.1i-27.210:1.0.14-10.140:10.0.27-20.130:9.9.9P1-28.200:9.3.14-190:210-70.580:4.4.4_04-22.220:4.4.4_04_k3.12.60_52.54-22.220:6-50:9.9.9P1-28.230:2.0.2-48.220:1.0.0-48.220:1.7.4-48.220:8-48.220:10.0.28-20.160:2.0.2-48.250:1.0.0-48.250:1.7.4-48.250:8-48.250:1.7.1_sr3.60-310:4.4.4_05-22.250:4.4.4_05_k3.12.60_52.57-22.250:4.2.8p9-46.180:4.4.4_05-22.280:4.4.4_05_k3.12.60_52.63-22.280:0.98.9-40:1.8.10p3-2.160:7.0.78-7.130:9.9.9P1-28.370:1.8.10p3-2.190:4.4.4_21-22.420:4.4.4_21_k3.12.61_52.77-22.420:0.12.4-8.150:7.6_1.15.2-30.220:3.10.3-2.30:5-30:10.0.31-20.290:2.44.2-2.30:9.3.18-25.50:1.7.1_sr4.10-38.50:4.4.4_22-22.510:4.4.4_22_k3.12.61_52.89-22.510:10.0.32-20.360:0.12.4-8.120:10.0.29-20.230:2.25-24.100:4.4.4_14-22.330:4.4.4_14_k3.12.61_52.66-22.330:9.9.9P1-28.290:2.0.2-48.310:1.0.0-48.310:1.7.4-48.310:8-48.310:1.7.1_sr4.1-340:9.9.9P1-28.260:9.9.9P1-28.340:4.2.8p10-46.230:4.4.4_16-22.360:4.4.4_16_k3.12.61_52.69-22.360:4.4.4_18-22.390:4.4.4_18_k3.12.61_52.69-22.390:10.0.30-20.260:4.2.4-18.410:9.3.17-240:2.9.1-26.150:2.19-22.210:4.5.5_12-22.180:4.5.5_12_k3.12.74_60.64.45-22.180:0.12.5-100:7.6_1.15.2-53.30:9-30:8-30:1.8.0_sr4.10-30.50:4.5.5_14-22.250:4.5.5_14_k3.12.74_60.64.54-22.250:2.4.16-20.100:4.5.5_16-22.280:4.5.5_16_k3.12.74_60.64.57-22.280:2.4.16-20.130:4.2.4-28.190:12-40:11-40:4.5.5_18-22.310:4.5.5_18_k3.12.74_60.64.60-22.310:2.3.1-33.30:1.0.0-33.30:1.8.1-33.30:8-33.30:1.0.1i-54.80:4.5.5_20-22.360:4.5.5_20_k3.12.74_60.64.63-22.360:8.0.43-10.240:1.8.0_sr5.5-30.130:1.7.1_sr4.15-38.80:2.19-40.60:20160516git-10.130:4.5.5_24-22.490:4.5.5_24_k3.12.74_60.64.93-22.490:1-2.30:1.0.1i-54.140:4.1.5.1-19.80:4.5.5_24-22.520:4.5.5_24_k3.12.74_60.64.96-22.520:1.2.18.4-22.30:2.19-40.160:2.7.0-4.20:2.7.0_k3.12.74_60.64.99-4.20:4.5.5_26-22.550:4.5.5_26_k3.12.74_60.64.99-22.550:1.0.1i-54.170:2.4.16-20.190:15.25.17-46.220:1.12.59-46.100:2.3.1-33.120:1.0.0-33.120:1.8.1-33.120:8-33.120:6.6p1-54.150:3.0.14-10.60:8.0.53-10.350:20160516git-10.80:0.99.22.1-16.40:1-2.90:2.3.1-33.60:1.0.0-33.60:1.8.1-33.60:8-33.60:4.5.5_24-22.430:4.5.5_24_k3.12.74_60.64.82-22.430:1.8.0_sr5.10-30.160:1.7.1_sr4.20-38.160:2.19-40.90:2.4.16-20.160:1.0.1i-54.110:4.5.5_24-22.460:4.5.5_24_k3.12.74_60.64.85-22.460:2.3.1-33.90:1.0.0-33.90:1.8.1-33.90:8-33.90:1-2.50:1.12.1-38.50:5.5.1-8.30:1.0.1i-54.200:2.3.1-33.170:1.0.0-33.170:1.8.1-33.170:8-33.170:6.6p1-54.180:1.0.1i-54.230:1.12.1-38.130:6.6p1-54.260:2.3.1-33.230:1.0.0-33.230:1.8.1-33.230:8-33.230:2.7.0-4.40:2.7.0_k3.12.74_60.64.110-4.40:4.5.5_28-22.610:4.5.5_28_k3.12.74_60.64.110-22.610:1.0.1i-54.260:1.2.18.4-22.100:0.10.36-11.90:1.2.18.4-22.130:2.38.2-7.120:3.10.3-2.80:2.3.1-33.260:1.0.0-33.260:1.8.1-33.260:8-33.260:0.2.12-13.30:0.12.5-10.2.30:1.5.8-10.40:1.0.1i-54.290:210-116.220:20160516git-10.160:2.3.1-33.200:1.0.0-33.200:1.8.1-33.200:8-33.200:5.13-3.100:210-116.190:1.2.18.4-22.60:4.5.5_28-22.580:4.5.5_28_k3.12.74_60.64.107-22.580:2.4.16-20.240:4.2-83.30:6.2-83.30:6.6p1-54.320:1.2.6-5.30:2.4.23-29.180:0.9.0~git.1456906198.f422461-16.90:3.3.0-5.400:1.7.1_sr2.0-40:0.151.0-80:1.8.10-120:2.4.10-120:1.7.1_sr3.0-110:1.8.5.6-50:1.8.10-40:2.4.10-14.100:1.7.1_sr2.10-80:1.8.5.6-150:1.7.1_sr3.20-180:1.7.1_sr3.30-210:1.8.10-180:0.99.22.1-50:0.99.22.1-90:2.8.2-60:1.8.10-210:1.7.1_sr3.40-250:1.8.0_sr2.0-40:2.4.16-70:0.6+git20160531.fbfe336-50:1.8.0_sr3.10-150:1.8.0_sr3.21-200:1.8.0_sr2.10-70:1.8.0_sr4.0-230:2.4.16-190:1.8.0_sr4.1-260:0.24.1-30:2.8.2-15.30:0.162.0-15.30:1.7.1_sr4.20-38.120:2.8.2-15.60:1.2.0-2.30:3.0.15-2.30:16.11.6-8.40:7.1.8-4.80:16.11.6-8.70:2.4.23-29.210:4.4.143-4.130:4.4.155-4.160:16.11.8-8.100:2.8.2-15.100:2.2.31-19.80:3.0.15-2.110:0.24.1-7.90:2.4.23-29.340:1.5.6-3.90:1.8.19-25.90:20170731-11.80:2.4.23-29.430:1.3.2-90:0.2.3-50:3.0.2-180:1.4.1-160:7.0.55-80:1.2.22-70:5.4-2.40:1.2.40-2.60:2.8.0-3.40:3.2.2-60:4.2.4-18.270:7.0.68-7.60:2.3.18-370:2.78-6.60:037-51.310:2.4.10-14.280:4.4.4_24-22.540:4.4.4_24_k3.12.61_52.92-22.540:1-80:2.0.2-48.340:1.0.0-48.340:1.7.4-48.340:8-48.340:7.0.82-7.160:4.4.4_26-22.590:4.4.4_26_k3.12.61_52.101-22.590:1-50:4.2.8p11-46.260:20140807git-5.80:4.4.4_32-22.680:4.4.4_32_k3.12.61_52.133-22.680:4.4.4_34-22.710:4.4.4_34_k3.12.61_52.136-22.710:1.2.5-27.130:2.19-22.270:2.4.1-16.60:2.4.1_k3.12.61_52.141-16.60:4.4.4_36-22.740:4.4.4_36_k3.12.61_52.141-22.740:2.0.2-48.430:1.0.0-48.430:1.7.4-48.430:8-48.430:0.12.4-8.180:0.25-5.30:14.45.17-2.820:1.11.70-2.690:2.0.2-48.370:1.0.0-48.370:1.7.4-48.370:8-48.370:7.0.90-7.230:5.7.2.1-4.90:4.2.8p12-46.290:1.0.14-10.170:2.0.2-48.460:1.0.0-48.460:1.7.4-48.460:8-48.460:10.0.37-20.490:1-1.70:5.3.1-4.70:20140807git-5.30:4.4.4_28-22.620:4.4.4_28_k3.12.61_52.119-22.620:10.0.34-20.430:2.19-22.240:2.4.10-14.310:1.0.1i-27.310:1.0.1i-27.280:4.4.4_30-22.650:4.4.4_30_k3.12.61_52.125-22.650:10.0.35-20.460:2.0.2-48.400:1.0.0-48.400:1.7.4-48.400:8-48.400:2.0.2-48.520:1.0.0-48.520:1.7.4-48.520:8-48.520:4.4.4_40-22.800:4.4.4_40_k3.12.61_52.149-22.800:1.2.5-27.160:9.9.9P1-28.420:3.8.3.1-2.120:1.0.1i-27.340:2.38.2-7.90:1.2.5-27.190:2.7.9-16.70:0.12.4-8.210:20140807git-5.110:210-70.770:2.0.2-48.490:1.0.0-48.490:1.7.4-48.490:8-48.490:210-70.740:1.11.5.1-10.160:4.2.8p13-46.320:4.4.4_40-22.770:4.4.4_40_k3.12.61_52.146-22.770:2.4.10-14.360:3.8.3.1-2.70:3.3.14-200:8.0.32-80:2.3.18-400:1.4-270:8.0.32-10.130:2.7.0-30:2.7.0_k3.12.53_60.30-30:8.0.32-30:2.3-3.30:3.3.14-22.60:8.0.43-10.190:3.12.74-60.64.720:20160518_1.9.4-7.50:2.7.0-3.30:2.7.0-3.100:16.11.6_k4.4.126_94.22-8.40:7.1.8_k4.4.131_94.29-4.80:2.7.1-8.20:2.7.1_k4.4.131_94.29-8.20:2.0.8-3.80:2.0.8_k4.4.131_94.29-3.80:2017+git1492060560.b6d11d7c46-4.90:16.11.6_k4.4.143_94.47-8.70:2.7.1-8.40:2.7.1_k4.4.143_94.47-8.40:8.0.53-29.130:3.0.14-3.30:8.0.53-29.160:2.7.1-8.60:2.7.1_k4.4.162_94.69-8.60:3.5.21-26.120:16.11.8_k4.4.156_94.64-8.100:2.7.6-3.230:2017+git1492060560.b6d11d7c46-4.170:2017+git1492060560.b6d11d7c46-4.260:4.4.178-4.280:6.46-3.30:1.4-290.60:1.2.40-7.30:4.4.170-4.220:4.4.180-4.310:2017+git1492060560.b6d11d7c46-4.200:2017+git1492060560.b6d11d7c46-4.230:4.4.176-4.250:4.4.162-4.190:2.0.3-17.70:2017+git1492060560.b6d11d7c46-4.120:1.6.1-16.580:2.7.13-28.80:8.24.0-3.70:7.2p2-74.230:4.2.1-27.120:1.22-7.70:1.9.2-3.30:2.9.1-6.410:1.0.0+-6.410:1.10.2-6.410:8-6.410:3.6.8-6.60:6.46-3.60:10.0.40.1-29.320:4.12.14-6.30:4.12.14-6.120:4.12.14-6.150:9.0.21-3.130:4.12.14-6.230:4.12.14-6.60:4.12.14-6.90:1.0.0-160:0.15.0-30:1.0.0-190:1.2.0-40:2.20.0-60:2.3.1-30:2014.2.4.dev18-30:2014.2.4~a0~dev78-70:2014.2.4~a0~dev61-60:2014.2-50:2014.2.4~a0~dev103-100:2014.2.4~a0~dev80-140:1.54-20:2.71-6.30:3.1.3-60:45.3.0-90:53.0.2785.113-1000:53.0.2785.143-1060:45.4.0-120:5.5.5-120:1.4.3-60:5.21.0-180:2.8.8-60:2.8.8-220:54.0.2840.90-1120:45.5.1-170:55.0.2883.75-20:45.6.0-200:51.0.2704.103-850:1.4.5-50:2.5.0-20:1.2.5-80:1.5.3-40:2.17-40:1.6.0-180:45.2-60:52.0.2743.82-890:5.21.0-150:3.0.7-60:52.0.2743.116-920:1.6.1-60:61.0.3163.79-290:1.0.4-50:61.0.3163.100-320:2.1.0-60:1.5.2-60:2.0.5-20:3.3.4-110:3.99.5-20:2.1.0-90:2.1.0-190:52.4.0-450:1.3.19-80:1.3.19-180:0.24.3-60:1.0.5-320:1.5-50:2.0.5-70:2.0.3-140:4.0.2-90:2.4.1.0-60:3.4.10-50:52.5.0-480:0.3.1.9-80:63.0.3239.84-400:18.3.4.7-90:63.0.3239.108-430:1.9.9-60:52.5.2-510:4.7.7-140:45.7.0-230:15.12.3-60:0.24.6-100:1.0.1-180:56.0.2924.87-50:4.14.25-50:5.26.0-50:5.26.0-60:45.8.0-270:1.0.2-210:57.0.2987.98-80:1.3.19-50:1.3.19-150:57.0.2987.133-110:3.1.6-50:2.8.10-90:3.2.4-6.30:58.0.3029.81-140:58.0.3029.96-170:52.1.0-300:5.26.0-2.30:4.14.25-80:4.14.25-7.40:59.0.3071.86-200:1.0.3-250:0.8.21-120:2.8.11-120:3.1.8-80:52.2-360:59.0.3071.104-230:1.7.0-120:16.08.2-50:2.8.12-150:1.0.4-280:60.0.3112.78-260:15.12.3-80:16.08.2-30:52.3.0-420:52.6-540:64.0.3282.119-460:20180101-50:64.0.3282.140-490:20180201-80:20180201-120:60.3.0-740:70.0.3538.102-740:5.8.7-80:4.1.8-130:4.1.5-140:71.0.3578.98-800:64.0.3282.167-520:1.1.1-430:3.4.2-140:1.0.6-360:14.4.2-50:1.3.19-110:1.3.19-210:0.15.1b-50:4.7.8-170:3.100-60:3.100-70:1.0.5-80:1.9.4-150:1.9.4-50:0.3.2.10-140:1.8.7-50:1.11.10-50:1.11.11-80:1.13.9-120:52.7-570:1.3.19-140:1.3.19-240:4.8.0.1-200:1.8.17-50:66.0.3359.181-550:3.1.0-50:2.0.4-90:4.1.2-80:1.11.15-110:4.0.6-120:2.0.10-60:4.8.4-320:0.3.4.11-200:2.7.8-90:60.6.1-820:4.1.7-170:4.1.2-lp150.3.100:1.7.2-250:4.1.10-160:2.0.11-310:2.8.1-120:60.7.2-850:75.0.3770.90-20:4.9.0.1-310:1.1.3-330:2.13.1-50:1.2.19-90:1.2.19-lp151.4.60:75.0.3770.142-70:5.32.0-70:5.55.0-lp151.2.50:4.14.33-70:4.14.38-lp151.9.50:4.1.11-200:4.1.8-lp151.2.30:4.8.5-350:1.14.2-160:60.8.0-880:72.0.3626.96-880:5.32.0-60:5.45.0-lp150.50:5.32.0-80:0.112.0-50:2.8-20:60.5.1-790:72.0.3626.121-920:52.8-600:2.0.5-120:2.0.6-150:2.0.7-180:1.1.2-470:4.0.10-150:1.9.7-190:1.9.7-130:4.8.2-230:6.20180626-70:52.9.0-650:67.0.3396.99-580:68.0.3440.75-610:1.7.1-20:2.0.8-210:13.0.5-50:4.8.3-290:13.0.8-80:69.0.3497.81-650:20180901-110:20180901-lp150.7.30:17.04.2-120:69.0.3497.92-680:4.0.2-130:69.0.3497.100-710:70.0.3538.110-770:2.6.1-140:1.8.3-520:1.1.1-201603041041430:1.0.4-201603081710220:2.1.0-80:69.0.3497.81-lp150.2.100:4.14.18-60:5.20.0-70:4.14.18-90:64.0.3282.140-1380:5.20.0-80:4.14.18-140:5.26.0-80:4.14.25-130:5.20.0-110:5.20.0-90:0.112.0-60:5.26.0-100:0.112.0-30:1.7.2-230:0.9.1-15411.10:3.5.9-0.10:0.7.0.r4359-15.220:0.7.0.r1053-11.160:1.6.1-83.170:0.3.14-2.120:0.5.12-23.400:2.17.35-0.20:0.9-14.340:2.2.10-2.240:2.0.4-400:5.2.6-50.240:0.6.23-11.190:9.5.0P2-20.70:1.36.0-110:1.0.5-340:3.4.3-1.170:1.34b-11.170:0.96-0.120:1.1.0-220:4.1-194.240:1.3.9-8.300:7.19.0-11.240:2.3.11-60.210:1.2.10-3.110:3.1.3.ESV-0.30:1.41.9-2.10:22.3-4.320:1.6.4-152.170:2.28.2-0.20:2.28.2-0.100:2.0.1-88.260:6.3.8.90-13.160:4.24-430:4.4.0-38.240:2.1.1-7.7.190:2.3.7-25.100:2.3.7-250:2.7.2-61.180:2.5.26-10:1.1.36-260:2.0.36.RC1-520:8.62-32.270:4.2.7-32.270:2.22.5-0.20:2.2.23-1.410:2.4.8-1.20:2.28.3-0.40:2.4.1-24.190:2.0.9-25.250:0.10.25-1.10:0.10.17-1.10:2.18.9-0.40:7.2-80:1.3.12-69.190:3.9.8-3.40:0.7.3-1.10:1.4.2_sr13.3-1.10:1.6.0_sr7.0-1.60:4.3.5-0.80:3.5.10-200:3.5.10-23.270:4.3.5-0.20:2.6.32.12-0.70:1.6.3-133.270:1.6.3-1330:0.12.3-0.110:1.17-77.140:6.4.3.6-7.200:4.6.2-1.60:1.4-730:1.3.4-12.200:1.3.3-11.160:2.5.5-50:2.4.17-0.30:0.6.17-20:0.17.1-310:2.28.0-1.20:4.0-7.240:2.2.6-2.1310:2.1.5-50:5.0.67-13.200:0.28.3-2.120:10.26.44-101.90:0.11.6-5.250:0.9.8h-30.270:1.2.31-5.120:0.12.3-1.20:0.9.21-1.50:2.6.0-8.90:0.8.4-194.230:0.18-10:0.2.1-1.20:0.1.4-10:1.0.20-2.10:5.4.2.1-8.20:2.28.2-0.10:3.8.2-141.80:0.7.6-1.90:1.2.0-790:2.7.6-0.10:1.1.24-190:1.2.10-10:2.1.12-0.10:2.5.2-170:2.0.1-1.190:1.9.0.19-0.10:1.9.1.9-1.120:1.5.17-42.330:3.0.6-1.210:1.4.13-10:4.2.4p8-1.30:5.1p1-41.310:2.6.16-1.340:2.0.9-1430:1.0.4-0.50:2.3.1-47.100:184-1470:0.47-13.130:5.10.0-64.470:3.56-1.180:804.028-500:3.2.5-26.220:8.3.9-0.10:0.24.8-1.30:3.3.8b-880:0.99.15-0.10:3.0.4-2.330:1.8.7.p72-5.240:2.7.STABLE5-2.40:1.5final-280:1.6.9p17-21.30:2.0.9-27.270:8.1.5-7.90:1.0-0.150:1.20-23.230:3.80.2-20:5.52-142.230:0.5.2-132.10:1.11.4-1.150:1.0.5-1.340:1.0.2-360:4.0.0_21091_04-0.20:4.0.0_21091_04_2.6.32.12_0.7-0.20:7.4-9.240:7.4-27.190:3.02-138.260:238-10:2.10-91111.20:10.0-0.30:0.7.1_git20090811-3.200:0.7.1-5.220:0.3.14-2.230:0.5.12-23.580:0.9-14.390:11-6.650:1.0.6-91.160:2.7.0-18.70:2.2.12-1.280:1.2.26-1.300:5.2.14-0.7.240:5.3.8-0.190:9.6ESVR5P1-0.80:1.0.5-34.2530:5.1-0.40:0.97.3-0.20:4.1-194.1990:1.3.9-8.440:7.19.7-1.180:2.3.11-60.65.640:1.2.10-3.230:0.76-34.220:4.2.3.P2-0.70:3.2.3-44.280:1.0.22-3.210:1.41.9-2.70:61-1.290:0.2-1001.300:22.3-4.400:1.6.4-152.220:2.28.2-0.70:2.28.2-0.26.330:6.3.8.90-13.20.190:4.24-43.190:4.4.0-38.260:3.0.2-269.350:2.1.1-7.100:2.3.7-25.280:2.7.2-61.230:8.62-32.280:4.2.7-32.280:2.11.3-17.310:2.2.23-1.500:2.28.3-0.280:2.4.1-24.39.330:2.0.9-25.33.270:0.10.35-5.150:0.10.30-5.80:2.18.9-0.210:7.2-8.150:3.11.10-0.6.70:1.4.2_sr13.10-0.40:1.6.0_sr9.3-0.40:1.14.1-16.310:4.3.5-0.100:4.3.5-0.60:4.3.5-0.40:3.0.13-0.270:1.6.3-133.48.480:0.15.1-0.170:1.34b-12.180:3.6.3-0.180:6.4.3.6-7.220:4.6.3-5.120:1.3.4-12.22.210:1.3.3-11.18.170:2.11-2.170:0.34-2.50:2.4.27-0.60:3.13.1-0.20:2.6.7-0.50:1.0.0-307.100:4.0-7.260:5.0.94-0.2.40:0.29.6-6.70:0.52.10-1.350:0.11.6-5.270:0.9.8j-0.260:1.2.31-5.250:0.12.3-1.30:0.9.23-0.70:2.6.0-8.120:4.6.3-5.100:0.2.1-1.50:2.26.0-2.30:1.0.20-2.40:5.4.2.1-8.12.60:2.32.2-4.70:3.8.2-141.1420:0.9.6-0.130:1.2.0-79.130:3.0.3-0.60:11-1.220:3.2.15-0.130:2.7.6-0.130:0.9-1.240:3.7.7-10.240:7.3.6-65.720:2.02.84-3.250:2.1.14-9.20:2.0.2.umip.0.4-8.70:2.6.7-0.70:1.9.2.24-0.30:3.0.6-1.25.240:4.2.4p8-1.160:1.5.2-0.220:1.5.2_3.0.13_0.27-0.220:1.2.0-172.220:5.1p1-41.510:2.6.16-1.360:2.4-662.180:1.1.5-0.100:1.26.2-1.30:1.3.8-3.150:1.4.102-1.370:5.10.0-64.550:5.816-2.230:3.3.1-10.80:8.3.14-0.20:2.6.12-0.100:1.0.22-3.150:1.5.11-0.90:0.99.15-0.60:1.1-1.24.40:3.0.4-2.380:5.8.7-0.50:1.8.7.p357-0.70:2.7.STABLE5-2.100:3.1.12-8.100:1.4-13.60:1.5final-28.210:1.7.6p2-0.2.40:0.71.47-0.70:2.0.9-27.320:8.1.5-7.320:1.0.8-9.160:1.5-0.70:5.1.1-100.190:1.26-1.2.40:0.48-101.200:0.9.10-0.150:6.0.18-20.35.360:6.00-11.70:0.22.5-0.20:0.5.2-132.20:1.4.10-0.20:4.1.2_14-0.50:4.1.2_14_3.0.13_0.27-0.50:7.4-9.470:7.4-27.600:7.4-8.26.320:2.17.119-0.50:2.17.44-0.511.30:9.0.3-0.170:17.0.4esr-0.100:0.7.1_git20090811-3.280:0.3.14-2.280:0.5.12-23.680:0.9-14.410:11-6.900:1.0.6-91.250:1.7.1-20.90:1.7.1-16.90:2.2.12-1.380:5.3.17-0.130:2.7.1-0.2.120:4.3.5-0.30:0.6.23-11.300:9.6ESVR7P4-0.100:1.36.0-12.30:5.1-0.110:0.97.7-0.30:2.3.37-2.240:2.4.26-0.240:4.1-194.2070:1.3.9-8.46.460:7.19.7-1.260:1.12.12-144.23.50:1.2.10-3.270:4.2.4.P2-0.160:3.2.3-44.300:1.41.9-2.90:61-1.330:2.28.2-0.290:2.0.1-88.340:4.24-43.230:2.1.1-7.160:2.3.7-25.320:2.8.7-0.90:8.62-32.340:4.2.7-32.340:2.22.5-0.8.80:2.11.3-17.540:2.28.3-0.320:2.4.1-24.39.450:2.0.9-25.33.310:2.18.9-0.230:1.20.4-0.140:1.3.12-69.230:5-0.70:1.5.7-0.70:3.0.1-253.360:1.6.0_sr13.1-0.90:1.7.0_sr4.1-0.50:6b-879.120:6.2.0-879.120:4.3.5-0.12.120:3.0.76-0.110:1.6.3-133.49.540:1.4.1-0.110:1.34b-12.390:3.6.3-0.390:6.4.3.6-7.260:4.6.3-5.250:1.3.3-11.18.190:0.37.1-5.160:2.4.41-0.80:9.1.9-0.30:0.6.17-2.140:3.14.3-0.110:2.28.0-1.90:5.0.96-0.60:5.5.31-0.70:0.9.8j-0.500:3.2.0-10.30:1.2.31-5.310:0.12.3-1.80:0.3.1-2.60:2.6.8-0.150:5.4.2.1-8.12.160:2.32.2-4.130:1.9.4-0.120:3.8.2-141.1520:0.3.10-0.90:2.6.2-0.2.40:1.0.5.1-0.70:1.2.0-79.200:2.7.6-0.230:1.1.24-19.210:3.7.7-10.260:2.02.98-0.250:2.1.14-9.60:1.9.2.27-0.20:3.0.6-1.25.280:1.4.16-0.110:1.2.3-18.310:4.2.4p8-1.220:1.5.4.1-0.110:1.5.4.1_3.0.76_0.11-0.110:2.4.2-0.90:6.2p2-0.90:2.0.9-143.380:2.3.1-47.120:0.47-13.160:5.10.0-64.670:0.2808.01-0.670:0.72-0.670:8.3.23-0.40:2.6.18-0.40:1.0.22-3.190:0.5.0-3.200:0.99.15-0.120:3.0.4-2.470:5.10.1-0.70:1.8.7.p357-0.9.90:1.3.11-0.190:1.7.0.0-1.160:2.7.STABLE5-2.12.120:3.1.12-8.120:1.5final-28.23.230:4.54-0.90:1.7.6p2-0.170:0.71.61-0.110:2.0.9-27.34.360:8.1.5-7.450:1.0.8-9.230:1.5-0.90:5.1.1-100.210:1.5-19.230:0.48-101.310:0.9.10-0.170:6.0.18-20.35.400:2.3.1-0.90:1.2.1-0.70:1.8.6-0.20:3.3.12-517.120:4.2.2_04-0.70:4.2.2_04_3.0.76_0.11-0.70:7.4-9.620:7.4-27.810:7.4-1.290:7.3.99-17.110:7.3.99-3.200:2.17.129-0.70:2.17.45-0.511.40:9.0.3-0.28.290:31.7.0esr-0.80:0.3.14-2.300:0.5.12-23.760:0.9-14.430:4.13-1326.370:11-6.1050:1.7.1-20.110:1.7.1-16.110:2.2.12-1.51.520:1.2.40-0.20:1.0.8-0.4.130:2.0.4-40.240:5.3.17-0.410:2.7.1-0.2.180:0.9.0-3.150:1.10.1-4.131.90:0.6.23-11.320:3.2-147.270:5.2-147.270:9.9.6P1-0.50:2.24-30:1.36.0-12.60:1.49.0-0.130:5.1-0.140:0.98.7-0.30:2.3.37-2.300:2.4.26-0.300:8.12-6.25.32.330:2.9-75.780:4.1-194.211.2130:1.3.9-8.46.560:7.19.7-1.420:1.5.2-10:1.2.10-3.310:4.2.4.P2-0.220:2.71-0.140:1.41.9-2.140:0.152-4.90:22.3-4.420:2.28.2-0.320:0.95-1.240:4.24-43.270:2.1.1-7.180:2.3.7-25.35.360:2.8.7-0.110:2.0.36.RC1-52.200:2.22.5-0.8.140:2.11.3-17.840:2.28.3-0.390:2.4.1-24.39.550:2.0.9-25.33.390:1.1.6-25.320:0.10.30-5.120:1.20.12-0.180:3.11.10-0.6.110:1.5.7-0.150:0.7.3-1.40:1.1.1-1.370:1.7.1_sr3.0-10:1.14.1-16.330:4.3.5-0.12.180:4.3.5-0.11.180:4.3.5-0.140:2.4.4-255.280:3.0.101-630:1.6.3-133.49.660:1.4.2-300:1.17-77.160:1.34b-12.580:3.6.3-0.580:1.2.1-68.170:6.4.3.6-7.300:4.6.3-5.340:1.3.4-12.22.230:2.19.1-6.720:0.41.rc1-20:2.4.52-0.70:9.4.4-0.60:1.4.5-24.240:3.17.3-0.80:4.8.3+r212056-20:1.5.0-0.170:2.28.0-1.130:1.900.1-134.170:1.0.4-1.180:2.03-12.30:2.3.2-3.1180:0.0.20060920alpha-74.50:5.5.43-0.70:0.9.8j-0.700:0.24.4-0.150:1.2.31-5.330:0.12.3-1.100:0.9.23-0.170:2.6.9-0.350:1.0.20-2.60:5.4.2.1-8.12.220:1.2.9-4.2.40:1.9.4-0.160:1.5-1.300:3.8.2-141.1540:0.3.10-0.110:1.2.5-30:2.2.3-0.80:1.4-1.380:11-1.250:3.2.15-0.170:2.7.6-0.310:1.1.24-19.230:3.7.7-10.300:7.3.6-65.740:2.02.98-0.330:0.8.0-0.230:12.5-1.90:2.6.7-0.130:4.10.7-0.30:1.5.17-42.390:3.0.6-1.25.360:2.12-24.4.100:1.4.16-0.130:1.2.3-18.38.430:4.2.8p2-20:1.5.4.1-200:1.5.4.1_3.0.101_63-200:3.2-0.110:1.2.0-172.240:2.0.9-143.440:1.1.5-0.150:5.10.0-64.720:0.2808.01-0.720:0.72-0.720:1.7-37.63.640:4.4.2.3-37.63.640:1.2.22-20:2.4.5.git-2.290:3.22-240.80:2.7.26-0.50:1.0.22-3.250:1.1.6-168.340:2.3.6-0.130:0.7-6.220:0.99.15-0.140:1.1-1.24.80:5.10.1-0.110:1.8.7.p357-0.9.170:1.3.11-0.230:8.14.3-50.240:0.7.318.81ee561d-0.90:2.7.STABLE5-2.12.160:3.1.12-8.16.200:1.5final-28.23.250:4.4.0-6.250:1.7.6p2-0.230:0.71.61-0.130:8.1.5-7.500:1.26-1.2.60:3.9.8-1.270:6.0.41-0.430:6.00-11.130:2.28.1-2.50:1.2.1-100:2.0.7-4.350:1.11.4-1.190:1.10.13-0.20:0.7.1-6.150:2.7.0-217.260:4.4.2_08-10:4.4.2_08_3.0.101_63-10:2.3.14-130.1330:7.4-9.650:7.4-27.1050:7.4-5.11.110:7.4-1.180:7.4-1.160:7.4-1.190:7.4-8.26.440:7.3.99-3.220:2.17.140-10:2.17.46-0.50:7.19.7-1.550:11.3-00:7.19.7-0.380:2.4.26-0.280:1.0.1g-0.120:1.2.0-172.260:5.4.2.1-8.12.310:12.5-1.110:6.6p1-100:2.3.2-0.10.30:1.3.11-0.280:4.54-0.110:2.0.7-4.430:1.11.4-1.260:1.2.5-4.330:2.8.0-29.170:2.2-31.270:6.2.18-4.310:2011.10.10-0.70:15.6-950:1.0.114.6-0.110:10.3.1.4-10:2.28.2-0.130:2.28.2-0.300:2.0-200:2.6.6-0.250:0.22.0-294.260:2.6.2-3.34.450:1.7.12.4-0.90:1.9.14-4010:1.4.2-2.180:0.46-62.430:1.8.2-1.240:0.15.1b-1300:3.1.11a-116.20:3.6.10-0.30:4.0.3.3.26-0.100:3.4.5.5-0.30:0.4.5-2.70:0.2-5.200:0.1.9-9.190:0.5.3-1260:1.0.1-0.10:1.2.7-0.170:0.2.8.4-206.270:0.8.14-40:1.1.15-23.30:1.8.17-481.190:0.1.3-0.10.160:1.4.20-2.540:2.8.6-1430:1.2.6-5.170:2.3.2-0.90:2.0.3-249.210:0.7.1-2.290:0.4.6-2.70:0.139.2-0.30:2.10.3-1.200:1.10.10-120.350:2.0.1-28.200:0.56.2-1.90:0.6c11-5.20:0.10.1-0.5.70:3.2.12-0.90:3.2.12-0.190:3.2.12-0.50:3.2.12-0.70:3.2.12-0.110:1.7.0-0.70:0.6.0-0.80:1.2.0-0.40:1.4.5-0.50:1.3.2-0.12.50:3.9.1-0.80:2.2.1-0.7.110:9.05-1.190:1.1.7-7.230:1.2.9-162.370:1.6.17-1.330:0.7.10-2.190:2007-219.340:3.8.1-0.50:7.11.2-0.90:2.2.12-1.400:5.2.14-0.7.30.500:5.3.8-0.430:2.7.1-0.2.140:9.9.4P2-0.60:2.6.7-0.90:3.6.3-0.33.390:1.3.9-8.46.480:7.19.7-1.20.310:1.2.10-3.250:4.2.4.P2-0.11.130:2.6.6-0.190:4.9.2-0.60:3.13.6-0.50:4.9.3-0.20:3.14-0.30:4.9.4-0.30:3.14.1-0.30:0.3.8-56.510:0.3.8-56.44.450:4.9.5-0.30:3.14.2-0.4.30:4.9.6-0.30:3.14.3-0.4.30:1.7.12.4-0.50:2.11.3-17.45.490:2.4.1-24.39.470:1.5.4-0.7.70:0.46-62.380:2.4.2-170.21.30:2012.9.13-0.80:1.4.2_sr13.18-0.40:1.6.0_sr15.0-0.50:1.7.0_sr6.0-0.70:4.3.5-0.120:1.6.3-133.49.580:3.6.3-0.240:4.6.3-5.20.230:1.5.0-0.150:0.16.0-1.40:3.5.4.13-0.30:2.32.2-4.110:0.2-5.180:0.9.6-0.290:0.9.6-0.230:1.2.7-0.150:2.7.6-0.250:1.4.20-2.520:4.10.1-0.30:3.15.2-0.30:3.0.6-1.25.340:4.10.2-0.30:3.15.3-0.30:3.15.3.1-0.4.20:2.4-0.110:5.10.0-64.61.610:1.7-37.500:4.4.2.3-37.500:2.6.8-0.230:0.7.4-0.7.80:1.3.10-0.50:1.1.6-0.90:1.8.7.p357-0.9.130:2.3.17-0.90:2.3.17-0.80:2.1.2-1.140:2.3.17-0.130:2.3.14-0.100:2.3.14-0.120:2.3.0-0.100:1.1-0.80:2.3.17-0.110:1.6.17-1.250:1.8.12-0.20:4.1.4_02-0.50:0.9.6-0.210:4.1.2_20-0.50:4.1.3_02-0.50:4.1.3_04-0.50:4.1.5_02-0.50:4.1.6_02-0.50:4.1.6_04-0.50:7.4-27.70.760:7.4-8.26.400:7.4-1.22.50:24.6.0esr-0.80:4.10.6-0.30:3.16.1-0.80:9.0.3-0.190:17.0.9esr-0.70:31.8.0esr-0.130:38.5.0esr-280:24.5.0esr-0.80:4.10.4-0.30:3.16-0.80:31.6.0esr-0.80:31.8.0esr-0.100:4.10.8-0.50:3.19.2_CKBI_1.98-0.100:2.2.12-1.460:2.2.12-590:5.3.17-0.310:0.9.0-3.170:5.2-147.220:9.9.6P1-0.120:9.9.6P1-0.150:9.9.6P1-0.190:9.9.6P1-0.220:2.23.1-0.230:3.6.3-0.520:1.3.9-8.46.520:7.19.7-1.380:7.19.7-1.460:7.19.7-1.400:4.2.4.P2-0.240:1.41.9-2.10.110:2.19.1-6.620:2.6.6-0.230:17.0.7esr-0.80:17.0.10esr-0.70:24.3.0esr-0.80:3.15.4-0.70:24.4.0esr-0.80:24.7.0esr-0.80:3.16.2-0.80:24.8.0esr-0.80:3.16.4-0.80:31.3.0esr-0.80:31.4.0esr-0.80:31.5.3esr-0.80:4.10.9-110:38.3.0esr-220:38.4.0esr-250:4.10.10-160:3.19.2.1-190:24.2.0esr-0.70:3.15.3.1-0.70:31.2.0esr-0.160:3.17.2-0.80:38.2.1esr-190:3.19.2.0-0.160:2.3.7-25.340:4.1.6-130:1.7.12.4-0.110:2.11.3-17.720:2.11.3-17.870:2.11.3-17.950:2.4.1-24.39.510:2.4.1-24.39.570:2.4.1-24.39.600:2.18.9-0.350:2.18.9-0.390:1.20.4-0.180:1.5.7-0.90:4.0-7.280:1.6.0_sr16.2-0.30:1.6.0_sr16.7-100:1.6.0_sr16.15-460:1.7.0_sr8.0-0.50:1.7.0_sr9.10-90:1.7.0_sr9.20-420:4.3.5-0.12.200:3.0.101-0.47.710:1.6.3-133.49.620:1.6.3-133.49.970:1.6.3-133.49.1030:1.6.3-133.49.640:1.6.3-133.49.680:1.0.5.9-0.190:2.5-0.70:4.6.3-5.290:9.1.12-0.30:3.16.5-0.70:1.5.0-0.190:1.0.4-1.200:0.0.20060920alpha-74.100:5.5.39-0.70:0.9.8j-0.660:1.2.31-5.350:1.2.31-5.380:0.9.23-0.150:4.6.3-5.320:4.0.3.3.26-0.60:2.26.0-2.50:1.0.20-2.100:1.5-1.280:1.0.5.9-0.90:0.9.1-1560:0.2.8.4-206.29.290:2.7.6-0.340:2.7.6-0.370:0.8.0-0.210:0.8.0-0.250:2.6.7-0.160:38.6.0esr-310:3.20.2-250:4.10.8-0.80:3.19.2.2-220:3.15.2-0.80:5.5.45-0.110:5.5.46-0.140:5.5.47-0.170:5.4.2.1-8.12.240:3.15.3-0.80:2.4.26-0.350:2.4.26-0.620:0.9.8j-0.800:0.152.0-60:1.1.5-0.120:5.10.0-64.700:5.3.17-450:5.3.17-480:1.7-37.600:4.4.2.3-37.600:9.4.5-0.80:9.1.15-0.30:9.1.18-0.30:9.1.19-0.50:2.6.9-0.330:2.6-8.330:2.6.9-0.250:2.6-8.250:2.6.9-0.270:2.6-8.270:2.6.9-0.310:2.6-8.310:0.6c8-10.19.60:0.6c11-60:1.8.7.p357-0.9.150:2.3.17-0.150:3.2.12-0.140:3.2.12-0.180:2.3.0-0.120:1.1.6-0.110:1.4.5-0.70:3.6.3-760:3.6.3-0.560:3.6.3-640:3.0u-0.70:1.2.9-162.330:1.6.17-1.290:1.0-370:3.8.2-141.1600:1.10.11-0.20:1.12.7-0.50:1.12.9-0.120:4.2.5_06-0.70:4.2.5_02-0.70:4.2.5_12-150:4.2.5_14-180:4.2.2_06-0.70:4.2.3_02-0.70:4.2.3_08-0.70:4.2.4_02-0.70:4.2.4_04-0.90:4.2.5_04-0.90:4.2.5_08-0.90:4.2.5_18-210:3.1.8-0.70:7.4-27.850:7.4-8.26.420:7.4-5.11.150:1.6.5-40:1.6.5-60:1.2.5-4.350:1.2.5-4.380:1.2.5-4.410:1.2.5-4.460:1.2.5-4.520:1.2.5-4.590:1.2.5-4.620:1.2.5-4.650:1.2.5-4.770:1.2.5-4.78.90:1.2.5-4.78.160:1.2.5-4.78.190:1.2.5-4.78.280:1.2.5-4.78.330:1.2.5-4.78.380:1.2.5-4.78.410:1.2.5-78.440:1.2.5-78.470:1.2.5-78.520:1.2.5-78.610:1.2.5-78.660:1.2.5-78.720:1.2.5-78.780:1.2.5-78.850:6.4.3.6-7.340:6.4.3.6-7.370:6.4.3.6-7.400:6.4.3.6-7.450:6.4.3.6-7.480:6.4.3.6-7.540:6.4.3.6-7.600:6.4.3.6-7.650:6.4.3.6-7.770:6.4.3.6-7.78.50:6.4.3.6-7.78.80:6.4.3.6-7.78.140:6.4.3.6-7.78.170:6.4.3.6-7.78.220:6.4.3.6-7.78.290:6.4.3.6-7.78.340:6.4.3.6-7.78.370:6.4.3.6-78.400:6.4.3.6-78.450:6.4.3.6-78.560:6.4.3.6-78.590:6.4.3.6-78.740:6.4.3.6-78.790:6.4.3.6-78.920:0.9.1-1590:0.9.1-160.30:0.9.1-160.60:0.9.1-160.90:38.6.1esr-340:38.8.0esr-400:4.12-260:3.20.2-300:45.2.0esr-450:2.11.0-20:4.12-290:3.21.1-350:45.3.0esr-500:45.4.0esr-530:45.6.0esr-620:45.7.0esr-650:45.8.0esr-680:45.9.0esr-710:4.13.1-320:3.29.5-460:52.2.0esr-72.50:3.29.5-47.30:52.3.0esr-72.90:52.5.0esr-72.170:52.6.0esr-72.200:52.7.3esr-72.270:52.8.0esr-72.320:52.8.1esr-72.350:52.9.0esr-72.380:38.7.0esr-370:4.12-240:3.20.2-280:1.6.1-83.17.30:1.2.13-106.110:1.2.6-84.420:1.2.6-84.460:4.4.2_12-230:2.8.0-29.17.50:1.7.1-20.11.50:1.7.1-16.11.50:2.2.12-640:2.2.12-690:2.2.34-70.50:2.2.34-70.120:2.2.34-70.150:2.2.34-70.180:2.2-31.290:0.2.6-142.170:0.9.0-3.21.30:0.6.23-35.60:3.2-147.290:5.2-147.290:3.2-147.350:5.2-147.350:9.9.6P1-0.250:9.9.6P1-0.300:9.9.6P1-0.330:9.9.6P1-0.360:9.9.6P1-0.390:9.9.6P1-0.440:9.9.6P1-0.470:9.9.6P1-0.500:9.9.6P1-0.51.70:2.5.5-90:2.0-3180:20171128-8.30:0.162.1-7.40:1.8-3.50:1.8.8-2.3.70:2.8.12-56.130:7.0.9-30.30:1.0.114.6-0.140:1.3.9-8.46.56.30:7.19.7-1.610:7.19.7-1.640:7.19.7-1.690:7.19.7-1.70.30:7.19.7-1.70.80:7.19.7-1.70.130:7.37.0-70.270:7.37.0-70.300:7.37.0-70.330:7.37.0-70.380:1.12.12-144.23.5.30:2.3.11-60.65.670:4.2.4.P2-0.270:4.2.4.P2-0.28.50:4.2.4.P2-0.28.80:1.6.1-8.3.80:22.3-42.30:2.28.2-0.7.30:2.0.2-4.50:2.0.1-88.380:2.0.1-88.410:2.0.1-88.42.30:52.4.0esr-72.130:3.29.5-47.60:2.6.0-10.190:2.1.1-7.240:2.1.1-7.25.30:2.3.7-25.410:2.3.7-25.45.50:2.3.7-25.45.80:2.8.7-0.11.30:4.3.4_20091019-37.30:4.3.4_20091019-37.90:4.8.5-40:4.8.5-5.30:5.3.1+r233831-100:2.0.36.RC1-52.220:2.0.36.RC1-52.250:2.0.36.RC1-52.290:2.0.36.RC1-52.320:2.0.36.RC1-52.33.50:8.62-32.410:4.2.7-32.410:8.62-32.380:4.2.7-32.380:8.62-32.440:4.2.7-32.440:8.62-32.460:4.2.7-32.460:8.62-32.47.70:4.2.7-32.47.70:8.62-32.47.100:4.2.7-32.47.100:8.62-32.47.130:4.2.7-32.47.130:4.1.6-210:2.6.2-3.34.470:1.7.12.4-0.140:1.7.12.4-0.170:1.7.12.4-0.18.30:1.7.12.4-0.18.60:1.7.12.4-0.18.170:2.22.5-0.8.360:2.11.3-17.1020:2.11.3-17.1090:2.11.3-17.110.30:2.11.3-17.110.60:2.11.3-17.110.90:2.11.3-17.110.140:2.11.3-17.110.190:2.11.3-17.110.240:2.4.1-24.39.670:2.4.1-24.39.700:0.10.35-5.170:2.18.9-0.440:2.18.9-0.45.30:2.18.9-0.45.80:1.8.5-240:4.0-7.300:4.0-380:4.0-430:4.0-460:4.0-47.60:1.4.2-2.200:1.900.14-134.250:1.900.14-134.320:1.900.14-134.33.30:1.7.1_sr3.10-30:1.7.1_sr3.20-60:1.7.1_sr3.30-90:1.7.1_sr3.40-130:1.7.1_sr3.60-190:1.7.1_sr4.1-220:1.7.1_sr4.5-250:1.7.1_sr4.10-26.50:1.7.1_sr4.15-26.80:1.7.1_sr4.20-26.130:1.7.1_sr4.25-26.260:1.7.1_sr4.30-26.290:1.7.1_sr4.35-26.320:1.7.1_sr4.40-26.360:1.7.1_sr3.50-160:6b-879.12.70:6.2.0-879.12.70:3.5.10-23.30.50:3.0.101-800:3.0.101-880:3.0.101-940:3.0.101-970:3.0.101-1040:3.0.101-108.70:3.0.101-108.130:3.0.101-108.710:3.0.101-650:3.0.101-710:3.0.101-108.180:3.0.101-108.210:3.0.101-108.240:3.0.101-108.350:3.0.101-108.480:3.0.101-108.520:3.0.101-108.680:3.0.101-108.770:3.0.101-108.870:3.0.101-680:3.0.101-770:3.0.101-840:3.0.101-1070:3.0.101-108.100:3.0.101-108.570:3.0.101-108.600:3.0.101-108.810:3.0.101-108.380:3.0.101-108.410:1.5.4.1-22.30:1.5.4.1-22.60:1.6.3-133.49.1060:1.6.3-133.49.1090:1.6.3-133.49.113.70:1.3.4-12.22.23.30:1.3.3-11.18.19.130:0.6.3-1.90:1.7.4-7.90:0.41.rc1-70:4.5.20-970:1.4.5-24.24.30:0.6.17-2.14.30:1.5.0-0.220:1.5.0-0.250:0.43-1.10.60:0.15.1b-132.30:1.10-60:1.10-7.30:1.0.4-1.250:3.1.11a-116.2.30:0.0.20060920alpha-74.11.60:0.9.0-3.70:3.1.0-30:3.2.0-10.50:1.2.31-5.430:1.0.3-50:1.0.3-6.50:1.1.03.beta1-20:2.8.8-20:1.2.4-20:5.0.4.2-230:4.1-20:3.7.1-50:20150827-230:1.0.2-0.80:1.0.20-2.130:1.0.20-2.180:1.0.20-2.19.70:1.0.20-2.19.120:0.2-5.220:1.2.9-4.2.60:1.4.3-17.30:0.2.1-1.120:0.2.1-1.13.30:0.2.1-1.13.60:1.2.5-120:1.2.5-150:1.2.5-23.30:1.2.5-23.60:1.2.5-23.150:1.2.0-79.20.30:1.2.0-79.20.60:1.2.0-79.20.110:1.2.0-79.20.140:2.7.6-0.400:2.7.6-0.440:2.7.6-0.500:2.7.6-0.640:2.7.6-0.690:2.7.6-0.760:2.7.6-0.77.30:2.7.6-0.77.100:2.7.6-0.77.150:1.1.24-19.330:1.4.20-2.580:3.0.101-910:3.0.101-1000:2.8.6-1450:2.8.6-146.30:1.2.6-5.17.30:1.2.6-5.17.40:2.3.2-0.110:2.3.2-0.140:2.3.2-0.170:2.3.2-0.18.30:2.3.2-0.18.60:2.3.2-0.18.90:45.5.1esr-590:3.21.3-390:2.6.7-0.180:2.5-24.30:5.5.49-0.200:5.0.96-0.8.100:5.5.52-0.270:5.5.53-0.300:5.5.54-0.350:5.5.55-0.380:5.5.57-0.39.30:5.5.58-0.39.60:5.5.59-0.39.90:5.5.60-0.39.120:5.5.61-0.39.150:5.5.62-0.39.180:3.0.6-1.25.36.30:2.03.90-2.30:2.28.4-1.16.21.30:5.6-920:5.6-93.60:5.6-93.120:5.6-93.150:2.0.3-249.23.30:10.26.44-101.140:2011.4.12-0.9.30:1.5-1.340:4.02.1-30:4.02.1-4.30:4.02.1-4.60:0.11.6-5.27.30:1.2.0-172.27.30:0.9.8j-0.890:0.9.8j-0.970:0.9.8j-0.1020:0.9.8j-0.1050:0.9.8j-0.106.90:0.9.8j-0.106.120:0.9.8j-0.106.150:0.9.8j-0.106.180:2.2.3-0.16.80:1.1.5-0.170:5.10.0-64.800:5.10.0-64.81.30:5.10.0-64.81.100:5.10.0-64.81.130:4.008-60:4.008-90:4.008-10.50:0.710.08-30:5.3.17-590:5.3.17-620:5.3.17-710:5.3.17-740:5.3.17-790:5.3.17-840:5.3.17-870:5.3.17-940:5.3.17-1010:5.3.17-1080:5.3.17-1110:5.3.17-112.50:5.3.17-112.100:5.3.17-112.200:5.3.17-112.230:5.3.17-112.280:5.3.17-112.380:5.3.17-112.410:5.3.17-112.450:5.3.17-112.530:5.3.17-112.580:2.6.6-0.290:2.6.6-0.30.30:0.12.3-1.120:0.12.3-1.13.30:9.4.6-0.140:9.4.9-0.190:9.4.12-0.220:9.4.13-0.23.50:9.4.15-0.23.100:9.4.16-0.23.130:9.4.17-0.23.160:9.4.19-0.23.190:2.4.5.git-2.310:2.6.9-390:2.6-8.390:2.6.9-40.30:2.6-8.40.30:2.6.9-40.60:2.6-8.40.60:2.6.9-40.150:2.6-8.40.150:2.6.9-40.210:2.6-8.40.210:1.8.0-6.40:0.99.15-0.160:0.99.15-0.210:0.99.15-0.240:0.99.15-0.290:0.99.15-0.30.30:1.8.7.p357-0.9.190:3.2.12-0.230:3.2.12-0.260:3.2.12-0.150:3.2.12-0.210:2.4.4-0.100:3.6.3-670:3.6.3-840:3.6.3-870:3.6.3-900:3.6.3-930:3.6.3-94.50:3.6.3-94.80:3.6.3-94.110:3.6.3-94.140:1.0.20-7.80:0.12.4-50:0.12.4-80:0.12.4-110:0.12.4-150:0.12.4-180:3.7.6.3-1.4.60:3.7.6.3-1.4.7.30:1.6.17-1.350:1.6.17-1.36.90:3.8.2-141.1630:3.8.2-141.1680:3.8.2-141.169.30:3.8.2-141.169.60:3.8.2-141.169.90:3.8.2-141.169.160:3.8.2-141.169.190:3.8.2-141.169.220:3.8.2-141.169.260:3.8.2-141.169.310:4.50.1-1.270:4.50.1-1.300:1.12.11-0.180:1.12.13-0.230:2.0.12-360:2.0.13-390:2.0.14-40.70:0.4.5-2.7.20:2.2.11-40.140:19-234.180:2.2.12-40.170:2.2.13-40.220:2.2.14-40.250:2.2.16-40.280:2.2.17-40.310:4.4.2_10-50:4.4.3_02-260:4.4.4_02-320:4.4.4_07-370:4.4.4_08-400:4.4.4_10-430:4.4.4_12-460:4.4.4_14-510:4.4.4_16-540:4.4.4_18-570:4.4.4_20-600:4.4.4_22-61.90:4.4.4_24-61.120:4.4.4_26-61.170:4.4.4_28-61.230:4.4.4_30-61.260:4.4.4_32-61.290:4.4.4_34-61.320:4.4.4_36-61.370:4.4.4_38-61.400:4.4.4_40-61.430:4.4.3_06-290:2.8.1-238.29.50:7.4-30:7.4-5.11.650:7.4-5.11.680:7.4-5.11.72.90:7.4-1.200:7.4-8.26.490:7.4-8.26.50.50:7.4-8.26.50.80:7.4-27.1180:7.4-27.1210:7.4-27.122.160:7.4-27.122.210:2.17.161-50:1.2.7-0.140:7.37.0-70.410:7.37.0-70.440:7.19.7-0.400:1.0.1g-0.220:6.6p1-150:6.6p1-180:6.6p1-19.30:6.6p1-19.60:1.0.1g-0.350:1.0.1g-0.400:1.0.1g-0.470:1.0.1g-0.520:1.0.1g-0.570:1.0.1g-0.58.30:1.0.1g-0.58.90:1.0.1g-0.58.120:1.0.1g-0.58.150:1.0.1g-0.58.180:1.0.1g-0.58.210:1.11.4-1.320:1.11.4-1.400:1.11.4-1.41.30:17.0.9esr-0.30:9.5.5-0.5.50:9.4.6-0.4.50:9.4.2-0.40:1.1.1-174.270:3.4.3-1.500:5.1-0.70:0.97.8-0.20:0.9.7g-146.220:8.12-6.25.290:10.0.7-0.30:7-0.6.70:10.0.9-0.30:10.0.10-0.30:10.0.11-0.30:10.0.12-0.40:17.0.4esr-0.50:7-0.6.90:0.5-1.47.510:17.0.5esr-0.40:17.0.6esr-0.40:17.0.7esr-0.30:17.0.10esr-0.4.20:11.2.202.336-0.30:2.0.9-25.33.370:1.4.1-0.80:1.6.0.0_b27.1.12.7-0.20:3.0.101-0.7.170:4.1.6_04_3.0.101_0.7.17-0.50:0.15.1-0.270:2013.1.7-0.30:5.1p1-41.570:1.95-0.40:2.0.9-143.33.30:2.6.18-0.120:3.16-50.390:4.4.0-6.210:1.7.6p2-0.2.120:0.1.5-1.50:1.0.7-5.100:4.1.4_02_3.0.58_0.6.6-0.50:0.9.0-3.190:0.5.10-0.50:4.1.2_20_3.0.38_0.5-0.50:0.5.12-0.50:4.1.3_02_3.0.38_0.5-0.50:4.1.3_04_3.0.42_0.7-0.50:4.1.5_02_3.0.74_0.6.10-0.50:4.1.6_02_3.0.93_0.5-0.50:4.1.6_04_3.0.101_0.5-0.50:7.3.99-3.180:0.4.1-28.190:1.6.166-0.50:24-0.70:3.2-147.220:1.2-2.100:1.2-2.120:0.98.1-0.100:0.9.7g-146.22.310:0.9.7g-146.22.360:3.13_3.0.101_0.31-0.90:3.2.3-45.50:2.71-0.12.130:61-1.350:7-0.120:38-150:31.0-0.100:31.0-0.120:11.2.202.418-0.30:11.2.202.481-0.80:11.2.202.491-0.110:11.2.202.508-0.140:11.2.202.521-0.170:11.2.202.535-0.200:11.2.202.540-0.230:11.2.202.548-0.260:11.2.202.554-0.290:11.2.202.559-0.320:3.0.2-269.390:2.0.9-25.33.410:2.00-0.490:0.10.22-7.110:1.4.2-0.70:1.7.0.71-0.70:1.7.0.85-0.110:1.7.0.91-0.140:1.7.0.95-0.170:4.3.5-0.11.200:3.0.101-0.47.550:3.0.101-0.400:4.2.4_04_3.0.101_0.40-0.70:3.0.101-0.47.670:1.4.2-0.170:1.4.2-0.22.340:1.4.2-370:1.4.2-0.210:1.900.1-134.130:0.4.1-16.200:12.5-1.70:38-180:1.5.17-42.370:3.0.0-0.200:3.0.0-0.100:4.2.4p8-1.240:6.2p2-0.130:6.2p2-0.210:6.2p2-0.240:1.97-0.30:2.0.9-143.400:2.28.3-0.50:0.2808.01-0.700:0.72-0.700:2.6.18-0.160:0.7-6.200:0.1.6+git20080930-6.240:3.0.4-2.490:1.3.11-0.250:4.4.0-6.320:1.7.6p2-0.210:1.4-1.350:1.1.1-1740:0.7.1-6.170:4.2.5_06_3.0.101_0.47.52-0.70:4.2.5_02_3.0.101_0.40-0.70:4.2.5_12_3.0.101_0.47.55-150:4.2.5_14_3.0.101_0.47.67-180:4.2.2_06_3.0.82_0.7-0.70:4.2.3_02_3.0.93_0.8-0.70:4.2.3_08_3.0.101_0.8-0.70:4.2.4_02_3.0.101_0.15-0.70:4.2.4_04_3.0.101_0.40-0.90:4.2.5_04_3.0.101_0.47.52-0.90:4.2.5_08_3.0.101_0.47.55-0.90:4.2.5_18_3.0.101_0.47.71-210:5.07-6.360:4.4.2_12_3.0.101_63-230:0.9.7g-146.22.410:6.3.8.90-13.20.210:11.2.202.569-0.350:11.2.202.577-0.380:2.00-0.540:1.5.3-0.90:1.7.0.99-0.200:1.4.2-320:1.4.2-350:4.2.8p4-50:6.6p1-130:6.6p1-160:1.7.0.0-1.180:4.4.2_10_3.0.101_63-50:4.4.3_02_3.0.101_65-260:4.4.4_02_3.0.101_68-320:4.4.3_06_3.0.101_65-290:1.0.0-0.90:0.6.1-0.170:1.4_3.0.101_0.47.55-2.28.10:1.4_3.0.101_0.40-2.270:2_3.0.101_0.47.55-0.17.10:2_3.0.101_0.40-0.160:1.6_3.0.101_0.47.55-0.21.10:1.6_3.0.101_0.40-0.200:8.4.4_3.0.101_0.40-0.220:2.4.1-24.39.760:0.7.0+git.1430140184.8e872c5-70:1.4-2.32.20:1.4_3.0.101_108.7-2.32.20:8.4.4-0.27.20:8.4.4_3.0.101_108.7-0.27.20:2-0.24.20:2_3.0.101_108.7-0.24.20:1.6-0.28.30:1.6_3.0.101_108.7-0.28.30:1.4-2.32.40:1.4_3.0.101_108.35-2.32.40:8.4.4-0.27.40:8.4.4_3.0.101_108.35-0.27.40:2-0.24.40:2_3.0.101_108.35-0.24.40:1.6-0.28.50:1.6_3.0.101_108.35-0.28.50:1.6-0.28.70:1.6_3.0.101_108.87-0.28.70:1.4-2.32.60:1.4_3.0.101_108.87-2.32.60:8.4.4-0.27.60:8.4.4_3.0.101_108.87-0.27.60:2-0.24.60:2_3.0.101_108.87-0.24.60:1.6-0.28.90:1.6_3.0.101_108.87-0.28.90:1.1.12-180:45.0-230:52-24.30:5.3.1+r233831-70:52-24.50:3.4.0-180:3.5.5-180:1.9-180:1.0-180:1.0.14-0.4.250:0.7.0-135.23.30:9.9.6P1-0.51.150:1.0.5-34.256.50:1.0.5-34.256.80:0.99.2-0.190:0.99.3-0.20.30:0.99.4-0.20.70:0.100.1-0.20.150:0.100.2-0.20.180:0.100.3-0.20.210:1.2.10-3.34.80:2.78-0.16.50:2.28.2-0.7.80:8.62-47.160:4.2.7-47.160:2.22.5-0.8.390:2.11.3-17.110.330:2.0.9-25.33.42.30:0.10.35-5.18.50:1.1.1-1.37.30:1.6.0_sr16.30-750:1.6.0_sr16.35-780:1.6.0_sr16.45-840:1.6.0_sr16.50-85.50:1.7.0_sr9.50-550:1.7.0_sr9.60-580:1.7.0_sr10.1-610:1.7.0_sr10.5-640:1.7.0_sr10.15-65.80:1.7.0_sr10.20-65.130:1.7.0_sr10.25-65.250:1.7.0_sr10.30-65.280:1.7.0_sr10.35-65.310:1.7.0_sr10.40-65.350:3.0.101-0.47.860:3.0.101-0.47.930:3.0.101-0.47.990:3.0.101-0.47.1020:3.0.101-0.47.1050:3.0.101-0.47.106.80:3.0.101-0.47.106.500:3.0.101-0.47.106.110:3.0.101-0.47.106.190:3.0.101-0.47.106.290:3.0.101-0.47.106.430:3.0.101-0.47.106.590:3.0.101-0.47.106.350:3.0.101-0.47.900:3.0.101-0.47.106.50:3.0.101-0.47.106.560:3.0.101-0.47.106.220:1.4.2-53.110:1.4.2-53.140:1.4.2-53.170:1.4.2-53.200:1.4.2-53.230:1.4.2-53.260:1.4.2-53.320:1.2.9-4.2.12.50:1.2.9-4.2.12.80:1.2.9-4.2.12.110:1.3.4-12.5.50:0.1.6+git20080930-6.270:1.0.5.9-21.50:1.0.5.9-21.90:1.0.5.9-21.200:2.7.6-0.77.180:3.0.101-0.47.960:2.1.15-9.6.60:2.1.15-9.6.120:1.17-102.83.90:1.17-102.83.150:1.17-102.83.240:1.17-102.83.270:1.17-102.83.360:1.17-102.83.410:1.5.17-42.430:10.26.44-101.15.50:4.2.8p9-48.90:4.2.8p12-48.210:4.2.8p13-48.270:6.2p2-0.330:6.2p2-0.400:6.2p2-0.41.50:6.6p1-41.180:0.9.8j-0.106.210:0.9.8j-0.106.250:2.0.9-143.460:2.0.9-143.47.30:2.5.9-252.22.70:0.2808.01-0.81.130:0.72-0.81.130:1.66-3.30:5.3.17-112.710:2.6.9-40.240:2.6-8.40.240:2.6.9-40.290:2.6-8.40.290:1.3.0-1.3.30:1.34b-840:1.34b-900:1.34b-930:1.34b-94.50:1.34b-94.80:1.34b-94.140:1.34b-94.190:3.6.3-94.190:3.7.6.3-1.4.7.90:1.20-122.90:6.0.53-0.560:3.80.2-40:7.2-8.21.30:0.7.1-6.18.30:4.2.5_21-270:4.2.5_21_3.0.101_0.47.86-270:4.2.5_21-300:4.2.5_21_3.0.101_0.47.90-300:4.2.5_21-350:4.2.5_21_3.0.101_0.47.96-350:4.2.5_21-380:4.2.5_21_3.0.101_0.47.99-380:4.2.5_21-410:4.2.5_21_3.0.101_0.47.99-410:4.2.5_21-440:4.2.5_21_3.0.101_0.47.102-440:4.2.5_21-45.50:4.2.5_21_3.0.101_0.47.105-45.50:4.2.5_21-45.80:4.2.5_21_3.0.101_0.47.105-45.80:4.2.5_21-45.110:4.2.5_21_3.0.101_0.47.106.5-45.110:4.2.5_21-45.160:4.2.5_21_3.0.101_0.47.106.8-45.160:4.2.5_21-45.190:4.2.5_21_3.0.101_0.47.106.14-45.190:4.2.5_21-45.220:4.2.5_21_3.0.101_0.47.106.19-45.220:4.2.5_21-45.250:4.2.5_21_3.0.101_0.47.106.43-45.250:4.2.5_21-45.300:4.2.5_21_3.0.101_0.47.106.59-45.300:1.4.19_2.6.33.5_rt23_0.4-0.70:2.1.0.0_2.6.33.20_rt31_0.5-0.20:1.4_2.6.33.20_rt31_0.5-2.50:8.3.11_2.6.33.20_rt31_0.5-0.30:1.4.19_2.6.33.20_rt31_0.5-0.9.110:2.6.33.20-0.50:1.6_2.6.33.20_rt31_0.5-0.4.20:1.5.2_2.6.33.20_rt31_0.5-0.9.130:1.5.2_2.6.33.18_rt31_0.3-0.9.130:1.4_3.0.101_rt130_0.7.9-2.180:8.4.2_3.0.101_rt130_0.7.9-0.6.60:1.4.20_3.0.101_rt130_0.7.9-0.25.250:3.0.101.rt130-0.7.90:2.0.4_3.0.101_rt130_0.7.9-0.9.90:1.6_3.0.101_rt130_0.7.9-0.110:1.5.2_3.0.101_rt130_0.7.9-0.28.280:1.4_3.0.101_rt130_0.28-2.270:8.4.4_3.0.101_rt130_0.28-0.220:1.4.20_3.0.101_rt130_0.28-0.380:3.0.101.rt130-0.280:2.1.1_3.0.101_rt130_0.28-0.110:1.6_3.0.101_rt130_0.28-0.200:1.5.4.1_3.0.101_rt130_0.28-0.130:3.0.101.rt130-0.33.400:3.0.101.rt130-0.33.440:3.0.101.rt130-680:1.4_3.0.101_rt130_68-2.32.20:8.4.4_3.0.101_rt130_68-0.27.20:2_3.0.101_rt130_68-0.24.20:1.6_3.0.101_rt130_68-0.28.30:3.0.101.rt130-69.240:3.0.101.rt130-510:1.4_3.0.101_rt130_69.14-2.32.40:8.4.4_3.0.101_rt130_69.14-0.27.40:2_3.0.101_rt130_69.14-0.24.40:1.6_3.0.101_rt130_69.14-0.28.50:1.6_3.0.101_rt130_69.42-0.28.70:3.0.101.rt130-540:3.0.101.rt130-69.50:3.0.101.rt130-450:3.0.101.rt130-480:3.0.101.rt130-69.110:3.0.101.rt130-69.140:3.0.101.rt130-69.210:3.0.101.rt130-69.330:3.0.101.rt130-650:3.0.101.rt130-69.270:3.0.101.rt130-69.300:3.0.101.rt130-69.390:1.4.20-0.43.20:1.4.20_3.0.101_rt130_69.24-0.43.20:1.5.4.1_3.0.101_rt130_69.24-22.30:1.4_3.0.101_rt130_69.42-2.32.60:8.4.4_3.0.101_rt130_69.42-0.27.60:2_3.0.101_rt130_69.42-0.24.60:1.4.20-0.43.70:1.4.20_3.0.101_rt130_69.42-0.43.70:1.6_3.0.101_rt130_69.42-0.28.90:1.5.4.1_3.0.101_rt130_69.42-22.60:3.0.101.rt130-570:3.0.101.rt130-69.360:3.0.101.rt130-69.80:1.4.2_sr13.13-0.30:1.0.0-0.80:0.9.7g-146.22.440:0.9.7g-146.22.470:0.98.9-0.70:0.9.7g-146.22.500:0.9.7g-146.22.51.50:0.9.7g-146.22.51.80:5.4.15-0.150:5.9.33-0.200:2.0.10-0.380:5.3.7-0.90:1.2.74-0.200:1.2.2-0.160:1.2.74-0.220:2.5.84.4-80:2.5.5.5-140:2.5.24.9-240:2.5.13.8-230:4.0.9-5.60:4.0.7-5.80:4.0.8-5.80:4.0.11-12.160:4.0.14-18.510:4.0.25-28.420:4.0.5-6.120:2.2.2-0.68.30:2.2.2-0.68.60:2.6.1-50:2016.11.4-43.70:2016.11.4-43.100:2016.11.10-43.380:2016.11.4-420:4.0.4-3.30:0.5.2-0.380:1.4_3.0.101_0.7.17-2.180:2_3.0.101_0.7.17-0.70:1.6_3.0.101_0.7.17-0.110:6.4.3.6-7.19110:3.0.10-1.10:3.5-1.10:2.24.0-70:3.12.3.1-1.20:0.8.11-20:4.8-1.30:1.9.0.10-1.10:1.9.1.11-0.10:1.9.2.12-0.60:2.14.16-20:0.7.0.r4359-15.90:0.7.0.r1053-11.110:3.2.7-1510:2.2.47-30.50:2.2.10-2.23.220:5.2.6-50.180:0.6.23-11.140:2.0.1-1.260:3.2.7-11.210:1.34b-11.210:0.95.1-0.10:4.3.3_20081022-110:2.9-75.27.240:4.1-194.190:1.3.9-8.150:7.19.0-11.210:1.2-1070:2.1.22-182.200:1.2.10-3.90:0.76-34.100:3.1.1-7.130:2.45-12.230:1.0.5-1.270:2.24.1.1-11.80:3.24.1.1-3.230:2.24.1.1-11.120:IIIalpha9.8-6910:0.15-10:2.7.0-1300:0.10.21-30:1.1.3-870:0.3.15-30:2.3.7-25.90:2.24.0-24.390:8.62-32.250:4.2.7-32.250:2.18.2-7.70:2.9-13.110:2.24.0-14.270:2.4.1-24.160:2.0.9-25.260:1.4.1-60:1.6-80:1.0.4-10:0.10.21-2.360:0.10.10-4.90:4.0-7.220:0.7.1-10.310:0.4.15-94.140:0.4.15_2.6.27.48_0.6-94.140:1.4.2_sr13-0.10:1.5.0.13.1.2-0.10:1.6.0-124.60:1.6.0-124.70:4.1.3-9.140:4.1.3-9.280:4.1.3-7.170:4.1.3-18.80:4.1.3-7.90:3.5.10-23.300:4.1.3-8.210:4.1.3-8.180:0.5.5-1060:0_2.6.27.23_0.1-7.10:0.4.15_2.6.27.54_0.2-94.140:2.6.27.23-0.10:2.0.5_2.6.27.54_0.2-7.90:1.6.3-133.250:78.0.10.6-0.30:78.2.6.30.1_2.6.27.37_0.1-0.70:1.17-77.120:1.23-4.10:1.3.4-12.190:1.0.4-157.150:3.12.8-1.20:4.8.6-1.20:1.2.3-1060:2.0-11.200:2.4.12-7.190:5.0.67-13.260:0.9.8h-30.130:1.2.31-5.110:1.2.31-5.180:0.10.1-1.370:0.10.1-1.300:2.6.0-8.8.60:2.6.0-8.9.60:4.4.3-12.110:1.0.17-172.140:1.0.beta2-6.10:3.8.2-141.70:128-13.20:0.4.6-14.630:2.7.1-10.110:2.02.39-18.260:2.0.2-2.150:4.8.2-1.10:1.9.0.9-0.10:1.9.1.15-0.50:4.2.4p6-1.170:2.0.870-26.60:1.2.0-172.10.70:0.9.8h-30.140:0.9.8h-30.180:2.6.16-1.320:1.22.1-3.170:1.4.102-1.310:5.10.0-64.430:1.16-3.20:1.7-37.180:4.4.2.3-37.180:8.3.7-0.10:0.24.5-5.70:0.8.4-194.190:0.99.10-17.170:8.14.3-50.200:1.8.7.p72-5.220:4.2.8-1.230:0.7.1-42.50:0.9.0-1.270:0.5.2-128.180:2.1.1.2-20:1.0.5-1.260:0.5-15.160:0.4.6-14.600:0.5.2-8.470:0.5.3-66.420:0.0.3-3.570:0.3.27-0.10:3.3.1_18546_24-0.30:3.3.1_18546_24_2.6.27.45_0.3-0.30:2.8.1-238.270:2.17.21-0.10:0.2.10-64.650:24.6.0esr-0.30:24-0.4.100:3.16.1-0.30:6.4.3.6-7.240:6.4.3.6-78.970:6.4.3.6-78.1060:6.4.3.6-78.1090:6.4.3.6-78.1120:7.7-5.120:10.0.5-0.30:3.13.5-0.40:4.9.1-0.50:45.3.0esr-480:45.0-200:2.11.0-40:3.21.1-260:4.12-250:45.4.0esr-520:45.6.0esr-660:45.7.0esr-690:45.8.0esr-740:45.9.0esr-770:3.29.5-370:4.13.1-280:52.3.0esr-78.40:52-21.30:5.3.1+r233831-50:5.3.1+r233831-20:52.5.0esr-78.100:52.6.0esr-78.130:52.7.3esr-78.200:52.8.0esr-78.250:52.8.1esr-78.290:52.9.0esr-78.320:60.8.0esr-78.430:24.5.0esr-0.30:3.16-0.30:31.6.0esr-0.30:0.7.1_git20090811-3.9.90:0.7.1-5.15.70:0.6.9-4.50:0.7.1-5.15.110:0.9.svn1043876-1.30:1.6.1-83.17.80:1.6.1-83.17.110:3.6_SVNr208-2.18.30:11-6.380:2.5.2.1-188.50:1.7.0-200.26.50:2.2.34-70.210:2.2.12-1.300:1.2.40-0.2.50:1.0.8-0.4.70:5.2.14-0.7.30.420:3.3.1-147.240:0.114-12.8.30:0.114-0.8.30:2.1a15-131.23.20:0.7.0-135.16.16.30:0.8.1-7.200:0.8.1-7.220:0.8.1-7.23.30:0.6.23-11.25.25.30:1.4-236.38.30:1.4-236.38.60:3.2-147.120:5.2-147.120:9.6ESVR7P2-0.30:9.6ESVR11W1-0.60:9.6ESVR11W1-0.90:9.6ESVR11W1-0.120:9.6ESVR11W1-0.150:9.6ESVR11W1-0.180:9.6ESVR11W1-0.210:9.6ESVR11W1-0.240:9.6ESVR11W1-0.270:9.6ESVR11W1-0.300:9.6ESVR11W1-0.31.70:9.6ESVR11W1-0.31.120:4.51-1.5.30:2.0.1-1.340:3.4.3-1.400:1.34b-11.28.400:0.97.5-0.20:2.3.37-0.110:2.4.20-0.110:6.12-32.260:6.12-32.41.50:7.19.7-1.20.270:7.19.7-1.20.390:7.19.7-1.20.420:1.2.10-3.190:1.2.10-3.170:0.76-34.70:3.1.3.ESV-0.170:3.1.3.ESV-0.190:3.1.3.ESV-0.220:3.5.21-3.30:2.45-12.270:2.45-12.27.30:1.41.9-2.6.30:2.16-6.210:0.2-1001.30.30:0.137-8.240:0.137-8.24.30:2.0.1-88.42.60:2.0.1-88.42.90:0.6.3-5.60:10.0.4-0.30:3.13.4-0.20:10.0.6-0.40:24.3.0esr-0.4.20:4.7.2_20130108-0.160:3.15.4-0.4.20:24.4.0esr-0.5.50:24.7.0esr-0.30:3.16.2-0.30:24.8.0esr-0.30:3.16.4-0.30:31.3.0esr-0.30:31.4.0esr-0.30:3.17.3-0.30:31.5.3esr-0.30:31.7.0esr-0.30:38.2.1esr-170:38.3.0esr-200:38-120:3.19.2.1-120:38.7.0esr-360:3.20.2-200:4.12-190:52.4.0esr-78.70:3.29.5-38.30:60.9.0esr-78.460:2.54.3-2.110:3.10.9-2.120:60.7.0esr-78.400:60-21.60:2.10.2-2.60:2.26.1-2.50:1.15.10-2.80:0.76-34.2.40:2.9-2.40:2.36.11-2.50:2.54.3-2.40:3.10.9-2.80:1.7.5-2.40:1.40.14-2.40:0.34.0-2.50:3.41.1-38.60:4.20-29.30:31.2.0esr-0.11.110:31.0-0.5.50:3.17.2-0.30:2.3.7-25.300:2.7.2-61.270:2.7.2-61.27.30:4.3.4_20091019-7.30:4.3.4_20091019-7.90:3.1.2-3.30:2.24.0-24.280:2.11.1-0.340:3.0.3-0.40:11-1.180:3.2.8-0.40:2.11.1-0.680:2.11.1-0.720:2.11.1-0.790:2.11.1-0.80.30:2.11.1-0.80.60:2.11.1-0.80.90:2.11.1-0.80.120:2.11.1-0.80.170:2.11.1-0.80.230:2.11.1-0.320:2.28.0-3.11.120:2.4.1-24.39.390:2.0.9-25.33.42.80:0.10.25-1.3.50:2.18.9-0.20.180:2.18.9-0.20.210:2.18.9-0.20.260:2.18.9-0.20.27.50:2.18.9-0.20.27.80:2012.10.4-0.30:0.7.3-1.130:0.7.3-1.38.30:1.4.19-0.70:1.4.19_2.6.32.19_0.2-0.70:3.2.2-88.360:1.1.1-1.350:1.1.1-234.310:1.900.1-134.110:1.4.2_sr13.12-0.20:1.6.0_sr10.1-0.30:1.6.0_sr16.20-490:1.6.0_sr16.25-690:1.6.0_sr16.41-810:6b-879.12.120:6.2.0-879.12.120:1.14.1-16.270:0_2.6.32.59_0.3-0.30:0_2.6.32.59_0.3-7.90:0_2.6.32.59_0.3-0.180:1.4.19_2.6.32.19_0.3-0.70:2.6.32.59-0.70:2.6.32.59-0.30:2.0.5_2.6.32.19_0.3-7.100:4.0.3_21548_16_2.6.32.59_0.15-0.50:2.6.32.24-0.20:1.8.6-133.49.1210:1.8.6-133.49.125.110:1.8.6-133.49.125.160:1.8.6-133.49.125.190:0.12.5-1.200:0.12.5-1.300:1.14.0.894-30:0.37.1-5.19.30:0.6.1-122.30:1.4.1-6.100:1.4.1-6.140:1.4.1-6.170:1.4.1-6.200:1.4.1-6.120:0.1-20.20:0.43-1.2.50:2.4.20-0.50:1.7.0-1.3.30:1.7.0-1.3.60:1.7.0-1.3.130:1.7.0-1.3.160:5.0.96-0.40:0.9.8j-0.440:7.4-8.26.30:1.2.31-5.130:0.9.21-1.160:1.4.18-28.230:0.29.6-6.50:5.4.2.1-8.12.100:2.28.2-0.30:1.5-1.35.50:1.3.3-12.20:1.3.3-12.40:3.8.2-141.1480:0.1.6+git20080930-80:0.7.6-1.250:2.7.6-0.190:1.1.24-19.190:1.1.24-19.34.30:7.3.6-65.660:2.02.39-18.310:2.1.15-9.6.30:3.15-2.140:45.5.1esr-630:3.21.3-300:1.1.36-28.30:1.17-102.57.64.30:1.17-102.57.64.60:1.17-102.57.64.120:1.17-102.57.64.150:1.17-102.57.64.180:1.17-102.57.64.210:2.3-27.24.60:2.0.1-1.380:38.6.1esr-330:3.20.2-170:38.2.0esr-100:31.0-0.5.70:4.7.2_20130108-0.370:3.19.2.0-0.70:1.9.1.19-0.20:3.0.6-1.230:2.12-24.4.10.30:1.2.1-2.180:4.75-1.30.50:3.12.11-3.2.20:4.8.9-1.2.20:4.2.4p8-1.29.320:4.2.8p6-410:2.17.14.1-1.120:4.2.8p7-440:4.2.8p8-470:4.2.8p10-48.150:4.2.8p11-48.180:1.5.2-0.9.130:1.5.2_2.6.32.46_0.3-0.9.130:2.3.37-2.17.180:2.4.26-0.17.180:2.3.37-2.17.230:2.4.26-0.17.230:1.2.0-172.150:5.1p1-41.550:5.1p1-41.690:5.1p1-41.740:5.1p1-41.790:5.1p1-41.80.30:1.2.4.1-3.30:6.6p1-3.30:6.6p1-80.100:6.6p1-80.150:5.1p1-41.610:6.6p1-3.80:0.9.8h-27.30:2.0.9-143.35.50:2.0.9-143.35.80:2.0.9-143.35.9.30:2.0.9-143.35.9.60:2011.6.28-0.30:1.0.4-0.70:1.0.4-0.9.30:11-1.22.40:0.6.0-141.30:2.6.32.46-2.5.30:5.10.0-64.61.63.30:1.24-4.30:2.33-20:5.816-2.170:5.2.14-0.7.30.720:5.2.14-0.7.30.790:5.2.14-0.7.30.840:5.2.14-0.7.30.890:5.2.14-0.7.30.940:5.2.14-0.7.30.970:5.2.14-0.7.30.1000:5.2.14-0.7.30.1030:5.2.14-0.7.30.1100:5.2.14-0.7.30.111.50:5.2.14-0.7.30.111.80:5.2.14-0.7.30.111.110:5.2.14-0.7.30.111.160:5.2.14-0.7.30.111.200:5.2.14-0.7.30.111.230:5.2.14-0.7.30.111.260:5.2.14-0.7.30.111.350:5.2.14-0.7.30.111.380:5.2.14-0.7.30.111.410:5.2.14-111.460:5.2.14-111.510:5.2.14-111.540:5.2.14-111.590:0.16.0-2.7.30:2.0.79-4.80:2.0.79-4.9.30:1.7-37.29.330:4.4.2.3-37.29.330:4.4.2.3-37.29.350:2.5.6-5.80:8.3.20-0.40:9.1-0.6.100:8.3.18-0.30:9.4-0.5.30:10.6-0.2.50:10-0.8.30:10.8-0.2.80:10.9-0.2.110:10.10-0.2.140:9.4.24-0.23.220:3.22-240.8.30:2.6.17-0.30:2.7.26-0.5.30:1.0.22-3.130:2.1.2-1.240:2.6.8-0.130:2.6-8.130:2.7.9-6.60:2.7.9-6.90:2.7.9-6.140:2.7.9-6.170:2.7.9-6.200:2.7.16-6.290:18.0.1-4.20:0.99.15-0.100:3.16-50.36.360:3.0.4-2.360:3.0.4-2.420:3.0.4-2.48.40:3.0.4-2.48.80:3.18.3-7.260:1.8.7.p72-5.280:0.12.21~rc-936.30:3.4.3-560:1.34b-560:3.4.3-590:1.34b-590:3.4.3-630:1.34b-630:3.4.3-660:1.34b-660:3.4.3-690:1.34b-690:3.4.3-70.30:1.34b-70.30:3.4.3-70.60:1.34b-70.60:3.4.3-70.90:1.34b-70.90:3.4.3-70.120:1.34b-70.120:1.3.7-0.190:1.3.7-0.210:4.0.2-162.19.2.30:3.6.4-4.30:2.7.STABLE5-2.12.240:2.7.STABLE5-2.12.290:2.7.STABLE5-2.12.30.30:3.1.23-8.16.300:3.1.23-8.16.360:3.1.23-8.16.37.30:3.1.23-8.16.37.60:3.1.23-8.16.37.90:1.4-13.100:4.4.0-6.130:4.4.0-6.350:4.4.0-6.36.30:4.36-0.120:1.7.6p2-0.2.80:1.7.6p2-0.2.200:1.20-0.100:0.71.31-0.70:1.26-1.2.100:3.9.8-1.290:3.9.8-1.30.50:0.9.10-0.80:6.0.45-0.530:6.0.45-0.500:6.0.53-0.57.70:6.0.53-0.57.100:3.2.5-160.30:5.6.1-5.30:5.52-142.290:5.52-142.330:5.52-142.34.30:2.16-6.110:7.2-100:7.2-130:7.2-180:2.28.1-2.30:2.0.7-4.210:0.5.3.git20161120-40:1.4.13-0.20:1.7.4-7.30:0.109.2-67.20:0.6.9-4.90:4.0.3_21548_18-0.210:4.0.3_21548_18_2.6.32.59_0.19-0.210:4.0.3_21548_18-290:4.0.3_21548_18_2.6.32.59_0.19-290:4.0.3_21548_18-270:4.0.3_21548_18_2.6.32.54_0.68.TDC-270:4.0.3_21548_18-300:4.0.3_21548_18_2.6.32.54_0.68.TDC-300:4.0.3_21548_18-360:4.0.3_21548_18_2.6.32.54_0.85.TDC-360:4.0.3_21548_18-410:4.0.3_21548_18_2.6.32.54_0.94.TDC-410:4.0.3_21548_18-440:4.0.3_21548_18_2.6.32.54_0.97.TDC-440:4.0.3_21548_18-490:4.0.3_21548_18_2.6.32.54_0.103.TDC-490:4.0.3_21548_18-520:4.0.3_21548_18_2.6.32.54_0.103.TDC-520:4.0.3_21548_18-53.50:4.0.3_21548_18_2.6.32.54_0.112.TDC-53.50:4.0.3_21548_18-53.80:4.0.3_21548_18_2.6.32.54_0.112.TDC-53.80:4.0.3_21548_18-53.110:4.0.3_21548_18_2.6.32.54_0.116.TDC-53.110:4.0.3_21548_18-53.140:4.0.3_21548_18_2.6.32.54_0.122.TDC-53.140:4.0.3_21548_18-53.190:4.0.3_21548_18_2.6.32.54_0.133.TDC-53.190:0.7.6-1.210:0.4.30-0.30:4.0.1_21326_08-0.50:4.0.1_21326_08_2.6.32.36_0.5-0.50:0.4.31-0.30:4.0.2_21511_02-0.70:4.0.2_21511_02_2.6.32.43_0.4-0.70:0.7.6-1.290:1.1.3-1.50:4.0.3_21548_02-0.50:4.0.3_21548_02_2.6.32.54_0.3-0.50:4.0.3_21548_04-0.90:4.0.3_21548_04_2.6.32.59_0.5-0.90:0.4.34-0.30:4.0.3_21548_08-0.70:4.0.3_21548_08_2.6.32.59_0.7-0.70:4.0.3_21548_10-0.50:4.0.3_21548_10_2.6.32.59_0.7-0.50:4.0.3_21548_11-0.30:4.0.3_21548_11_2.6.32.54_0.11.TDC-0.30:4.0.3_21548_14-0.50:4.0.3_21548_14_2.6.32.54_0.31.TDC-0.50:4.0.3_21548_16-0.50:4.0.3_21548_16_2.6.32.59_0.9-0.50:4.0.3_21548_18-0.50:4.0.3_21548_18_2.6.32.54_0.45.TDC-0.50:4.0.3_21548_18-0.150:4.0.3_21548_18_2.6.32.59_0.19-0.150:4.0.3_21548_18-0.250:4.0.3_21548_18_2.6.32.59_0.19-0.250:4.0.3_21548_18-330:4.0.3_21548_18_2.6.32.54_0.73.TDC-330:7.4-9.390:7.4-27.40.520:7.4-27.40.780:7.4-27.40.79.50:7.4-27.40.79.80:7.4_0.11.0-0.4.60:7.4-27.40.500:3.02-138.290:3.02-138.360:2.17.35.3-0.30:2.17.99.5-50:1.2.7-0.80:4.3.6-67.9.30:1.3.21-0.30:10.0.2-0.40:1.6.0_sr10.0-0.30:0.9.8j-0.280:1.2.31-5.270:2.6.12-0.120:4.1.6_08-170:4.1.6_08_3.0.101_0.7.29-170:3.2-147.14.220:5.2-147.14.220:1.34b-12.33.390:4.2.4.P2-0.11.150:2.11.3-17.45.660:3-0.50:1.6.0_sr16.0-0.30:1.7.0_sr7.0-0.50:1.7.0_sr9.30-450:1.7.0_sr9.40-520:3.0.101-0.7.470:3.0.101-0.7.530:3.0.101-0.7.370:3.0.101-0.7.400:3.0.101-0.7.440:0.15.1-0.320:1.34b-12.240:3.16.5-0.4.20:2.12-24.4.80:2.6.16-1.400:5.3.17-470:5.3.17-550:5.3.17-580:1.34b-450:3.6.3-450:1.34b-480:3.6.3-480:1.34b-520:3.6.3-520:3.6.3-560:6.0.18-20.35.420:4.1.6_08-0.110:4.1.6_08-0.50:4.1.6_08_3.0.101_0.7.23-0.50:4.1.6_08-200:4.1.6_08_3.0.101_0.7.37-200:4.1.6_08-260:4.1.6_08_3.0.101_0.7.37-260:4.1.6_08-290:4.1.6_08_3.0.101_0.7.40-290:4.1.6_08-320:4.1.6_08_3.0.101_0.7.44-320:4.1.6_06-0.50:4.1.6_06_3.0.101_0.7.17-0.50:4.1.6_08-0.90:4.1.6_08_3.0.101_0.7.29-0.90:4.1.6_08-0.130:4.1.6_08_3.0.101_0.7.29-0.130:4.1.6_08-230:4.1.6_08_3.0.101_0.7.37-230:2.2.0.0-70:2.2.0.0-100:2.3.2.0-11.50:0.1.3-0.10.22.20:2.6-2.19.20:3.10-0.15.20:0.10-0.3.20:1.13.1-0.3.20:2.6-0.3.20:1.4-236.236.44.90:1.4-236.236.44.120:3.2-147.280:5.2-147.280:4.99-0.9.30:1.0.6-257.80:1.0.6-257.110:1.34b-12.520:5.1-0.130:2.5.69.8-110:2.1.12-140:8.12-6.25.33.30:8.12-6.25.33.60:2.71-0.150:2.78-0.16.80:2.11-121.31.40:0.152-4.250:38-100:31.0-0.50:31.0-0.70:7.5.1-0.9.30:2.11.3-17.110.300:0.10.30-5.140:1-0.81.30:1.6.0_sr16.20-510:1.7.0_sr9.30-470:1.7.0_sr10.10-65.50:1.7.0_sr10.45-65.390:3.0.101-0.47.790:3.0.101-0.47.106.140:1.4.20_3.0.101_0.40-0.380:1.5.4.1_3.0.101_0.40-0.130:2.0.5_3.0.101_0.40-7.390:1.4.2-460:1.4.2-490:1.4.2-520:1.4.2-53.290:1.4.2-53.350:1.5.0-0.26.30:1.0.5.9-21.120:1.0.5.9-21.150:1.0.5.9-21.230:1.17-102.83.210:2.3.37-2.350:2.3.37-2.620:6.6p1-41.130:1.1.5-0.12.30:0.2808.01-0.800:0.72-0.800:0.2808.01-0.81.30:0.72-0.81.30:0.2808.01-0.81.100:0.72-0.81.100:5.3.17-112.630:5.3.17-112.660:1.2.16-0.130:2.6.1-0.140:3.2.7-152.310:1.13.1-0.3.50:2.6-0.3.60:18.5-3.30:0.30-3.30:2.4.4-0.3.30:2.7.2-2.3.30:0.18-3.30:0.7.2-0.3.30:3.10-0.3.30:1.2.1-2.3.30:1.4-3.30:1.7.42-3.30:1.10.57-3.30:1.5.2-3.30:5.0.6-1.3.30:1.3.1-3.50:2.1-3.30:0.11-0.3.30:0.10-0.3.30:1.1.3-3.30:3.0.2-3.30:2.0-3.30:1.0.18-3.30:1.1-0.3.30:1.0-0.3.30:2.4.0-3.30:0.9.1-2.3.30:1.0.1-3.30:0.7.2-3.30:1.13.1-0.3.30:3.4-3.30:0.1.9-3.30:0.0.5-3.30:2.10-3.30:2.6-0.3.30:2.7-3.30:2.5.1-0.3.40:1.5.5-3.30:2.0.1-0.3.30:0.1.13-3.30:3.8.2-3.30:1.7.2-0.3.30:3.0.4-2.520:3.0.4-2.53.30:3.0.4-2.53.60:1.34b-670:1.34b-760:1.34b-870:1.34b-94.110:1.34b-12.560:1.34b-640:3.7.6.3-1.4.7.60:1.7.6p2-0.290:1.20-1210:20120115_1.7.0-0.5.50:6.00-11.170:6.00-11.18.30:6.00-11.18.80:7.2-8.170:7.2-8.200:2.0.7-4.290:0.7.1-6.18.60:4.2.5_20-240:4.2.5_20_3.0.101_0.47.79-240:4.2.5_21-310:4.2.5_21_3.0.101_0.113.TDC-310:4.2.5_21-370:4.2.5_21_3.0.101_0.116.TDC-370:4.2.5_21-400:4.2.5_21_3.0.101_0.119.TDC-400:4.2.5_21-430:4.2.5_21_3.0.101_0.119.TDC-430:4.2.5_21-460:4.2.5_21_3.0.101_0.122.TDC-460:4.2.5_21-47.70:4.2.5_21_3.0.101_0.125.TDC-47.70:4.2.5_21-47.100:4.2.5_21_3.0.101_0.126.5.TDC-47.100:4.2.5_21-47.130:4.2.5_21_3.0.101_0.132.TDC-47.130:4.2.5_21-47.160:4.2.5_21_3.0.101_0.139.TDC-47.160:4.2.5_21-47.210:4.2.5_21_3.0.101_0.150.TDC-47.210:4.2.5_21-47.240:4.2.5_21_3.0.101_0.156.TDC-47.240:4.2.5_21-47.270:4.2.5_21_3.0.101_0.181.TDC-47.270:4.2.5_21-47.320:4.2.5_21_3.0.101_0.190.TDC-47.320:2.17.147.1-90:2.71-0.160:2.78-0.17.50:3.0.26-30:2.00-0.66.80:1.7.1_sr4.45-26.400:1.7.1_sr4.50-26.440:3.0.101-108.900:20110923-0.59.30:3.0.101-108.950:3.0.101-108.980:3.0.101-108.1010:1.4.20_3.0.101_108.52-0.43.20:1.5.4.1_3.0.101_108.52-22.30:1.4.20_3.0.101_108.87-0.43.70:1.5.4.1_3.0.101_108.87-22.60:2.0.5-7.44.20:2.0.5_3.0.101_108.87-7.44.20:1.4.2-440:1.4.2-470:1.4.2-500:1.4.2-590:1.4.2-60.30:1.4.2-60.60:1.4.2-60.90:1.4.2-60.120:1.4.2-60.150:1.4.2-60.180:1.4.2-60.210:1.4.2-60.240:1.4.2-60.270:1.4.3-17.60:1.4.3-17.90:1.2.5-40:1.2.5-23.200:1.2.5-23.240:1.2.5-3.30:4.2.8p9-570:4.2.8p11-64.40:4.2.8p12-64.70:4.2.8p13-64.130:10.1.0-70:6.6p1-210:6.6p1-280:6.6p1-350:6.6p1-36.30:6.6p1-36.60:6.6p1-36.120:6.6p1-36.200:11-1.27.30:4.4.0-6.290:6.0.41-0.470:4.4.4_07_3.0.101_77-370:4.4.4_08_3.0.101_80-400:4.4.4_10_3.0.101_88-430:4.4.4_12_3.0.101_91-460:4.4.4_14_3.0.101_94-510:4.4.4_16_3.0.101_97-540:4.4.4_18_3.0.101_97-570:4.4.4_20_3.0.101_104-600:4.4.4_22_3.0.101_108.7-61.90:4.4.4_24_3.0.101_108.10-61.120:4.4.4_26_3.0.101_108.13-61.170:4.4.4_28_3.0.101_108.35-61.230:4.4.4_30_3.0.101_108.38-61.260:4.4.4_32_3.0.101_108.52-61.290:4.4.4_34_3.0.101_108.57-61.320:4.4.4_36_3.0.101_108.68-61.370:4.4.4_38_3.0.101_108.84-61.400:4.4.4_40_3.0.101_108.87-61.430:4.4.4_40-61.460:4.4.4_40_3.0.101_108.90-61.460:1.6.3-133.49.560:3.9.8-3.70:0_2.6.27.39_0.3-7.10:2.6.27.39-0.30:0.9.8j-0.320:0.9.8j-0.720:5.0.67-13.160:1.4.2_sr13.1-0.10:3.5.10-0.10:1.9.0.13-1.10:1.9.1.10-1.10:3.0.7-1.10:1.9.0.7-1.10:1.0.17-172.130:1.6.0_sr7.0-1.10:8.62-32.220:4.2.7-32.220:0.9.8h-30.120:3.0.9-0.10:0_2.6.27.21_0.1-7.10:2.6.27.21-0.10:9.5.0P2-20.30:4.2.8-1.220:0.10.1-1.310:3.0.8-1.10:1.9.0.8-1.10:1.4.2_sr13.2-0.10:3.0.12-0.10:1.9.0.12-1.10:1.22.1-3.180:2.2.10-2.210:0.95-0.20:5.2.6-50.190:0_2.6.27.25_0.1-7.10:2.6.27.25-0.10:0_2.6.27.48_0.1-7.10:2.6.27.48-0.10:3.0.11-0.10:1.9.0.11-1.10:3.5.4-1.10:1.9.0.15-0.10:1.9.1.4-2.10:3.5.8-0.10:1.9.0.18-0.10:1.9.1.8-1.10:3.2.7-11.70:1.34b-11.70:2.6.16-1.330:4.2.8-1.240:78.0.10.5-0.20:78.2.6.30.1_2.6.27.25_0.1-0.20:3.12.3.1-1.10:0_2.6.27.29_0.1-7.10:2.6.27.29-0.10:2.4.12-7.180:1.5.17-42.320:2.7.1-10.90:7.19.0-11.220:1.6.0_sr6-1.10:1.0.5-1.310:2.6.0-8.8.10:2.6.0-8.9.10:3.0.13-0.10:4.2.8-1.270:5.2.6-50.230:3.2.7-11.80:1.34b-11.80:1.3.9-8.200:0_2.6.27.37_0.1-7.10:2.6.27.37-0.10:3.5.3-1.10:1.9.0.14-1.10:1.9.1.3-1.10:0_2.6.27.42_0.1-7.10:2.6.27.42-0.10:8.3.8-0.10:0.9.8h-30.22.210:2.18.2-7.90:1.6.3-133.260:2.7.2-61.150:3.5.6-1.10:1.9.1.6-1.10:2.4.1-24.320:1.4.2_sr13.4-1.60:3.12.6-3.10:1.9.1.9-1.10:1.4.2_sr13.6-1.60:1.6.0_sr9.0-0.20:2.4.1-24.39.530:4.2.4p6-1.180:2.0.1-88.220:0_2.6.27.45_0.1-7.10:2.6.27.45-0.10:1.9.0.16-0.10:9.5.0P2-20.40:8.62-32.27.260:4.2.7-32.27.260:2.11.1-0.580:2.4.1-24.39.490:2.11.1-0.300:1.4.2_sr13.5-0.10:1.6.0_sr8.0-0.10:1.6.0_sr8.0-0.70:1.6.0_sr16.4-0.30:3.6.13-0.70:1.9.1.16-0.10:1.9.2.13-1.70:3.5.7-1.10:1.9.0.17-0.10:1.9.1.7-1.10:2.11.1-0.180:5.2.14-0.10:1.3.9-8.370:3.2.7-11.90:1.34b-11.90:3.5.11-0.10:8.3.11-0.10:0.9.10-0.60:5.10.0-64.440:5.10.0-64.480:5.10.0-64.61.630:0.7.0.r4359-15.20.100:0.7.0.r4359-15.250:0_2.6.32.13_0.4-0.30:0_2.6.32.59_0.7-0.30:0_2.6.32.13_0.4-7.30:0_2.6.32.59_0.7-7.90:0_2.6.32.59_0.13-7.90:0_2.6.32.59_0.7-0.180:0_2.6.32.59_0.13-0.180:2.6.32.13-0.40:2.6.32.59-0.150:1.6.3-133.330:1.4.2_sr13.8-1.50:1.4.2_sr13.8-0.30:1.6.3-133.390:2.2.10-2.300:1.4.4-0.20:3.6.15-0.20:1.9.1.17-0.20:1.9.2.15-0.20:5.0.96-0.8.80:2.6.0-8.100:0.96.1-0.10:0_2.6.32.13_0.5-0.30:0_2.6.32.13_0.5-7.30:2.6.32.13-0.50:0.99.15-0.40:2.3.7-25.110:1.7-37.250:4.4.2.3-37.250:3.2.7-11.200:1.34b-11.200:2.1.0.0_2.6.33.7.2_rt30_0.3-0.20:1.4.19_2.6.33.7.2_rt30_0.3-0.70:2.6.33.7.2-0.30:1.4.2_2.6.33.7.2_rt30_0.3-0.140:0.7.6-1.120:7.4-27.240:0_2.6.32.19_0.2-0.30:0_2.6.32.19_0.2-7.30:2.6.32.19-0.20:4.6.3-5.20.270:4.3.4-3.40:3.6.10-1.60:1.9.2.10-1.10:5.10.0-64.530:0_2.6.27.54_0.2-7.10:2.6.27.54-0.20:0.9.8h-30.22.220:0.9.8h-30.280:0_2.6.32.29_0.3-0.30:0_2.6.32.29_0.3-7.90:2.6.32.29-0.30:0.99.10-17.180:0.99.15-0.20:0_2.6.32.23_0.3-0.30:0_2.6.32.23_0.3-7.30:2.6.32.23-0.30:0_2.6.32.19_0.3-0.30:0_2.6.32.19_0.3-7.30:2.6.32.19-0.30:0_2.6.27.48_0.12-7.10:2.6.27.48-0.120:0_2.6.32.24_0.2-0.30:0_2.6.32.24_0.2-7.30:2.3.7-25.170:3.4.3-1.190:1.34b-11.190:3.4.3-1.540:3.6.12-0.60:0.96.4-0.20:0_2.6.32.27_0.2-0.30:0_2.6.32.27_0.2-7.30:2.6.32.27-0.20:5.2.14-0.7.130:2.3.7-25.240:5.0.94-0.2.20:2.11.1-0.200:0.9.8h-30.22.280:0.9.8h-30.290:2.1.0.0_2.6.33.20_rt31_0.3-0.20:1.4_2.6.33.20_rt31_0.3-2.50:8.3.11_2.6.33.20_rt31_0.3-0.30:1.4.19_2.6.33.20_rt31_0.3-0.9.110:2.6.33.20-0.30:1.6_2.6.33.20_rt31_0.3-0.4.20:1.5.2_2.6.33.20_rt31_0.3-0.9.130:1.4_3.0.74_rt98_0.6.2-2.180:8.4.2_3.0.74_rt98_0.6.2-0.6.60:1.4.20_3.0.74_rt98_0.6.2-0.230:3.0.74.rt98-0.6.20:2.0.4_3.0.74_rt98_0.6.2-0.70:1.6_3.0.74_rt98_0.6.2-0.110:1.5.2_3.0.74_rt98_0.6.2-0.28.280:0_2.6.32.54_0.3-0.30:0_2.6.32.54_0.3-7.90:2.6.32.54-0.30:0_2.6.32.36_0.5-0.30:0_2.6.32.36_0.5-7.90:2.6.32.36-0.50:2.1.0.0_2.6.33.18_rt31_0.3-0.20:1.4_2.6.33.18_rt31_0.3-2.50:8.3.11_2.6.33.18_rt31_0.3-0.30:1.4.19_2.6.33.18_rt31_0.3-0.70:2.6.33.18-0.30:1.6_2.6.33.18_rt31_0.3-0.4.20:0_2.6.32.45_0.3-0.30:0_2.6.32.45_0.3-7.90:2.6.32.45-0.30:2.7.6-0.30:5.2.14-0.7.220:0.9.8h-30.300:3.9.8-3.50:1.6.0_sr9.1-1.50:1.4.2_sr13.9-0.40:1.4.2_sr13.9-0.30:2.7.6-0.70:2.11.1-0.500:0_2.6.32.59_0.13-0.30:2.6.32.59-0.190:4.0.3_21548_18_2.6.32.59_0.19-0.90:0.9.8h-30.320:3.6.17-0.20:1.9.2.17-0.30:3.6.18-0.20:1.9.2.18-1.20:3.6.20-0.20:1.9.2.20-1.20:3.8.2-141.160:2.3.7-25.260:1.6.3-133.460:2.5.6-5.60:3.4.3-1.210:1.6.0_sr9.2-0.40:1.4.2_sr13.10-0.30:3.2.3-44.220:3.1.3.ESV-0.90:0.97-5.20:0_2.6.32.43_0.4-0.30:0_2.6.32.43_0.4-7.90:2.6.32.43-0.40:5.2.14-0.7.30.340:3.0.26-0.70:1.4_3.0.26_0.7-2.100:2_3.0.26_0.7-0.70:1.6_3.0.26_0.7-0.70:0_2.6.32.59_0.9-0.30:0_2.6.32.59_0.9-7.90:2.6.32.59-0.90:3.0.101-0.7.230:4.1.6_06_3.0.101_0.7.23-0.50:2.11.1-0.460:5.2.14-0.7.30.460:5.3.8-0.390:1.0.22-3.50:0_2.6.32.49_0.3-0.30:0_2.6.32.49_0.3-7.90:2.6.32.49-0.30:1.4.4-0.40:0.12.5-1.80:2.3.11-60.610:2.7.6-0.90:0.9.8h-30.340:1.4.4-0.60:0.12.5-1.160:3.6.24-0.30:9.6ESVR4P3-0.20:9.6ESVR7P4-0.2.30:3.4.3-1.320:1.34b-11.27.320:0.97.2-1.20:3.1.3.ESV-0.130:2.7.6-0.110:0_2.6.32.46_0.3-0.30:0_2.6.32.46_0.3-7.90:2.6.32.46-0.30:3.6.23-0.30:1.9.2.23-1.20:1.2.31-5.290:2.7.6-0.170:2.2.12-1.180:3.1.12-8.80:2.3.11-60.630:0.9.8h-30.420:1.7-37.29.290:4.4.2.3-37.29.290:1.4.2_sr13.11-0.50:1.4.2_sr13.11-0.30:1.4.2_sr13.12-0.30:1.9.2.26-0.30:2.6.12-0.60:1.1.24-19.170:5.3.8-0.230:9.6ESVR5P1-0.2.40:1.4.20-2.460:2.0.10-0.340:2.2.12-1.360:1.4.11-0.2.20:10.0.3-0.70:3.13.3-0.20:4.9.0-0.30:10.0.1-0.40:1.6.0.0_b24.1.11.4-0.30:1.7.0_sr2.0-0.50:1.6.0_sr11.0-0.30:3.6.3-0.220:1.34b-12.220:2.7.6-0.150:3.0.58-0.6.20:4.1.3_06_3.0.58_0.6.2-0.70:1.4_3.0.58_0.6.2-2.180:2_3.0.58_0.6.2-0.70:1.6_3.0.58_0.6.2-0.110:5.2.14-0.7.30.380:5.3.8-0.270:3.8.2-141.1440:3.4.3-1.380:1.34b-11.28.380:9.5.3-0.20:9.4.6-0.4.20:1.6.0.0_b24.1.11.5-0.20:1.4.2_sr13.14-0.20:1.6.0_sr12.0-0.50:1.7.0_sr3.0-0.50:1.6.0_sr13.0-0.80:1.7.0_sr4.0-0.60:1.4.12-0.30:3.0.51-0.7.90:1.4_3.0.51_0.7.9-2.180:2_3.0.51_0.7.9-0.70:1.6_3.0.51_0.7.9-0.110:9.6ESVR7P1-0.50:9.6ESVR7P1-0.2.50:1.4.2_sr13.13-0.20:2.6.12-0.140:3.8.2-141.1460:0.9.8j-0.360:3.0.34-0.70:1.4_3.0.34_0.7-2.100:2_3.0.34_0.7-0.70:1.6_3.0.34_0.7-0.70:3.0.31-0.90:1.4_3.0.31_0.9-2.100:2_3.0.31_0.9-0.70:1.6_3.0.31_0.9-0.70:3.0.74-0.6.60:4.1.4_02_3.0.74_0.6.6-0.50:1.4_3.0.74_0.6.6-2.180:2_3.0.74_0.6.6-0.70:1.6_3.0.74_0.6.6-0.110:5.3.8-0.330:0.9.8j-0.380:5.2.14-0.7.30.400:3.0.101-0.350:4.2.4_02_3.0.101_0.35-0.70:1.4_3.0.101_0.35-2.270:2_3.0.101_0.35-0.160:1.6_3.0.101_0.35-0.200:1.4_3.0.61_rt85_0.7-2.180:8.4.2_3.0.61_rt85_0.7-0.6.60:1.4.20_3.0.61_rt85_0.7-0.230:3.0.61.rt85-0.70:2.0.4_3.0.61_rt85_0.7-0.70:1.6_3.0.61_rt85_0.7-0.110:1.5.2_3.0.61_rt85_0.7-0.260:1.4_3.0.101_rt130_0.24-2.270:8.4.4_3.0.101_rt130_0.24-0.220:1.4.20_3.0.101_rt130_0.24-0.380:3.0.101.rt130-0.240:2.1.1_3.0.101_rt130_0.24-0.110:1.6_3.0.101_rt130_0.24-0.200:1.5.4.1_3.0.101_rt130_0.24-0.130:0.12.5-1.240:5.3.8-0.350:3.0.42-0.70:1.4_3.0.42_0.7-2.180:2_3.0.42_0.7-0.70:1.6_3.0.42_0.7-0.110:3.0.38-0.50:1.4_3.0.38_0.5-2.160:2_3.0.38_0.5-0.70:1.6_3.0.38_0.5-0.70:2.11.3-17.430:2.11.3-17.45.530:1.4-0.50:1.4-0.100:2.3.14-0.140:0.15.1-0.230:4.2.4.P1-0.50:9.6ESVR7P2-0.80:4.2.4.P2-0.50:1.4.15-0.20:9.6ESVR7P3-0.90:9.6ESVR7P3-0.20:9.6ESVR10P2-0.60:3.0.101-0.460:3.0.101-0.420:4.2.5_02_3.0.101_0.46-0.70:4.2.5_02_3.0.101_0.42-0.70:1.4_3.0.101_0.46-2.270:1.4_3.0.101_0.42-2.270:2_3.0.101_0.46-0.160:2_3.0.101_0.42-0.160:1.6_3.0.101_0.46-0.200:1.6_3.0.101_0.42-0.200:1.4_3.0.101_rt130_0.32-2.270:8.4.4_3.0.101_rt130_0.32-0.220:1.4.20_3.0.101_rt130_0.32-0.380:3.0.101.rt130-0.320:2.1.1_3.0.101_rt130_0.32-0.110:1.6_3.0.101_rt130_0.32-0.200:1.5.4.1_3.0.101_rt130_0.32-0.130:3.0.101-0.7.290:4.1.6_08_3.0.101_0.7.29-0.50:2.11.3-17.560:2.11.1-0.520:3.8.2-141.1500:4.6.3-5.180:2.7.6-0.210:9.6ESVR7P4-0.80:11.2.202.243-0.30:11.2.202.251-0.30:4.1.3_06-0.70:4.1.3_06_3.0.51_0.7.9-0.70:4.0.3_21548_12-0.30:4.0.3_21548_12_2.6.32.54_0.11.TDC-0.30:1.8.4-0.30:5.5.42-0.80:11.2.202.258-0.30:2.0.9-25.33.330:3.6.3-0.460:3.4.3-1.520:1.34b-11.28.520:1.34b-11.28.500:3.6.3-0.33.410:1.34b-12.460:2.6.32.59-0.130:2.11.3-17.800:2.11.1-0.620:2.11.3-17.45.570:3.0.80-0.50:4.1.5_02_3.0.80_0.5-0.50:3.0.82-0.70:4.2.5_08_3.0.101_0.47.55-0.70:1.4_3.0.80_0.5-2.180:2_3.0.80_0.5-0.70:1.6_3.0.80_0.5-0.110:1.4_3.0.82_0.7-2.250:2_3.0.82_0.7-0.160:1.6_3.0.82_0.7-0.180:1.4_3.0.80_rt108_0.5-2.180:8.4.2_3.0.80_rt108_0.5-0.6.60:1.4.20_3.0.80_rt108_0.5-0.230:3.0.80.rt108-0.50:2.0.4_3.0.80_rt108_0.5-0.70:1.6_3.0.80_rt108_0.5-0.110:1.5.2_3.0.80_rt108_0.5-0.28.280:0.9.7g-146.22.250:0.9.7g-146.22.290:1.6.0.0_b27.1.12.3-0.20:0.9.6-0.250:3.6.3-0.300:3.4.3-1.420:3.4.3-1.440:1.34b-11.28.440:1.34b-12.300:6.12-32.410:9.1.8-0.50:1.6.0.0_b27.1.12.5-0.20:1.6.0_sr13.2-0.30:1.7.0_sr4.2-0.60:1.6.0.0_b27.1.12.2-0.20:1.4.2_sr13.15-0.30:1.4.2_sr13.16-0.20:11.2.202.273-0.30:11.2.202.261-0.30:11.2.202.262-0.30:11.2.202.270-0.30:9.5.4-0.30:9.4.6-0.4.30:11.2.202.275-0.30:17.0.3esr-0.4.40:17.0.3esr-0.4.20:1.6.0.0_b27.1.12.4-0.20:3.0.58-0.6.60:4.1.3_06_3.0.58_0.6.6-0.70:1.4_3.0.58_0.6.6-2.180:2_3.0.58_0.6.6-0.70:1.6_3.0.58_0.6.6-0.110:3.0.93-0.50:4.1.5_02_3.0.93_0.5-0.50:3.0.93-0.80:4.2.2_06_3.0.93_0.8-0.70:1.4_3.0.93_0.5-2.180:2_3.0.93_0.5-0.70:1.6_3.0.93_0.5-0.110:1.4_3.0.93_0.8-2.270:2_3.0.93_0.8-0.160:1.6_3.0.93_0.8-0.200:1.4_3.0.93_rt117_0.5-2.180:8.4.2_3.0.93_rt117_0.5-0.6.60:1.4.20_3.0.93_rt117_0.5-0.25.250:3.0.93.rt117-0.50:2.0.4_3.0.93_rt117_0.5-0.70:1.6_3.0.93_rt117_0.5-0.110:1.5.2_3.0.93_rt117_0.5-0.28.280:1.4_3.0.93_rt117_0.9-2.270:8.4.3_3.0.93_rt117_0.9-0.190:1.4.20_3.0.93_rt117_0.9-0.380:3.0.93.rt117-0.90:2.1.1_3.0.93_rt117_0.9-0.110:1.6_3.0.93_rt117_0.9-0.200:1.5.4.1_3.0.93_rt117_0.9-0.130:11.2.202.280-0.30:1.4.2_sr13.17-0.20:1.6.0.0_b27.1.12.6-0.20:1.7.0.6-0.190:1.6.0_sr14.0-0.30:1.7.0_sr5.0-0.50:1.8.5-0.20:0.24.4-0.130:5.2.14-0.7.30.480:5.3.8-0.410:17.0.8esr-0.4.20:17.0.8esr-0.70:1.6.17-1.150:5.5.33-0.110:7.4-27.70.720:7.4-27.40.700:7.4-27.40.640:7.19.7-1.20.250:7.19.7-1.20.330:1.6.17-1.170:7.4-8.26.360:7.4-8.26.380:1.4.2-0.110:2.6.16-1.380:3.0.74-0.6.80:4.1.4_02_3.0.74_0.6.8-0.50:1.4_3.0.74_0.6.8-2.180:2_3.0.74_0.6.8-0.70:1.6_3.0.74_0.6.8-0.110:1.4_3.0.74_rt98_0.6.4-2.180:8.4.2_3.0.74_rt98_0.6.4-0.6.60:1.4.20_3.0.74_rt98_0.6.4-0.230:3.0.74.rt98-0.6.40:2.0.4_3.0.74_rt98_0.6.4-0.70:1.6_3.0.74_rt98_0.6.4-0.110:1.5.2_3.0.74_rt98_0.6.4-0.28.280:3.0.101-0.150:4.2.3_08_3.0.101_0.15-0.70:1.4_3.0.101_0.15-2.270:2_3.0.101_0.15-0.160:1.6_3.0.101_0.15-0.200:1.4_3.0.101_rt130_0.10-2.270:8.4.4_3.0.101_rt130_0.10-0.220:1.4.20_3.0.101_rt130_0.10-0.380:3.0.101.rt130-0.100:2.1.1_3.0.101_rt130_0.10-0.110:1.6_3.0.101_rt130_0.10-0.200:1.5.4.1_3.0.101_rt130_0.10-0.130:7.19.7-1.280:3.0.101-0.50:4.1.6_02_3.0.101_0.5-0.50:3.0.101-0.80:4.2.3_02_3.0.101_0.8-0.70:1.4_3.0.101_0.5-2.180:2_3.0.101_0.5-0.70:1.6_3.0.101_0.5-0.110:1.4_3.0.101_0.8-2.270:2_3.0.101_0.8-0.160:1.6_3.0.101_0.8-0.200:1.4_3.0.101_rt130_0.5-2.180:8.4.2_3.0.101_rt130_0.5-0.6.60:1.4.20_3.0.101_rt130_0.5-0.25.250:3.0.101.rt130-0.50:2.0.4_3.0.101_rt130_0.5-0.9.90:1.6_3.0.101_rt130_0.5-0.110:1.5.2_3.0.101_rt130_0.5-0.28.280:1.4_3.0.101_rt130_0.8-2.270:8.4.4_3.0.101_rt130_0.8-0.180:1.4.20_3.0.101_rt130_0.8-0.380:3.0.101.rt130-0.80:2.1.1_3.0.101_rt130_0.8-0.110:1.6_3.0.101_rt130_0.8-0.200:1.5.4.1_3.0.101_rt130_0.8-0.130:4.0.3_21548_16-0.70:4.0.3_21548_16_2.6.32.54_0.33.TDC-0.70:1.8.8-0.20:9.5.5-0.30:11.2.202.285-0.30:3.0.74-0.6.100:4.1.4_02_3.0.74_0.6.10-0.50:1.4_3.0.74_0.6.10-2.180:2_3.0.74_0.6.10-0.70:1.6_3.0.74_0.6.10-0.110:1.4_3.0.74_rt98_0.6.6-2.180:8.4.2_3.0.74_rt98_0.6.6-0.6.60:1.4.20_3.0.74_rt98_0.6.6-0.230:3.0.74.rt98-0.6.60:2.0.4_3.0.74_rt98_0.6.6-0.70:1.6_3.0.74_rt98_0.6.6-0.110:1.5.2_3.0.74_rt98_0.6.6-0.28.280:4.4.0-6.170:11.2.202.291-0.30:11.2.202.297-0.30:11.2.202.310-0.30:4.0.3_21548_18-0.90:4.0.3_21548_18_2.6.32.59_0.15-0.90:2.6.18-0.60:1.7.0.6-0.210:1.8.7.p357-0.9.110:5.3.17-0.150:3.6.3-0.33.350:3.4.3-1.460:3.6.3-0.420:1.34b-11.28.460:1.34b-12.33.350:1.34b-12.420:5.2.14-0.7.30.540:5.3.17-0.170:1.6.17-1.210:1.0.5.6-0.70:5.5.37-0.70:3.0.101-0.7.150:4.1.6_04_3.0.101_0.7.15-0.50:1.4_3.0.101_0.7.15-2.180:2_3.0.101_0.7.15-0.70:1.6_3.0.101_0.7.15-0.110:2.11.3-17.620:7.4-27.70.740:7.4-27.830:7.4-27.40.660:3.0.101-0.210:4.2.4_02_3.0.101_0.21-0.70:1.4_3.0.101_0.21-2.270:2_3.0.101_0.21-0.160:1.6_3.0.101_0.21-0.200:1.4_3.0.101_rt130_0.14-2.270:8.4.4_3.0.101_rt130_0.14-0.220:1.4.20_3.0.101_rt130_0.14-0.380:3.0.101.rt130-0.140:2.1.1_3.0.101_rt130_0.14-0.110:1.6_3.0.101_rt130_0.14-0.200:1.5.4.1_3.0.101_rt130_0.14-0.130:3.0.101-0.7.190:1.34b-11.28.540:3.6.3-0.500:1.34b-12.33.410:1.34b-12.500:7.19.7-1.20.290:7.19.7-1.300:2.6.18-0.140:9.9.3P2-0.50:1.8.9-0.20:11.2.202.327-0.30:11.2.202.332-0.30:1.7.0.6-0.230:1.6.0_sr15.1-0.60:1.7.0_sr6.1-0.80:1.7.0_sr9.0-0.70:1.8.11-0.20:7.4-27.40.680:1.7-37.29.350:1.0.5.8-0.70:2.2.12-1.480:1.0.5.9-0.70:2.6.16-1.420:0.98.5-0.50:5.3.17-0.350:1.7.0.6-0.270:1.8.12-0.40:3.0.101-0.47.500:4.2.5_04_3.0.101_0.47.50-0.70:1.4_3.0.101_0.47.50-2.28.10:2_3.0.101_0.47.50-0.17.10:1.6_3.0.101_0.47.50-0.21.10:1.4_3.0.101_rt130_0.33.36-2.28.10:8.4.4_3.0.101_rt130_0.33.36-0.23.10:1.4.20_3.0.101_rt130_0.33.36-0.39.10:3.0.101.rt130-0.33.360:2.1.1_3.0.101_rt130_0.33.36-0.12.10:1.6_3.0.101_rt130_0.33.36-0.21.10:1.5.4.1_3.0.101_rt130_0.33.36-0.14.10:2.11.3-17.820:2.11.1-0.640:2.11.3-17.45.590:7.19.7-1.320:1.6.17-1.270:0.9.8j-0.540:0.9.8j-0.580:1.7.6p2-0.2.140:3.1.12-8.16.180:1.4.2-0.150:1.0.1g-0.160:3.0.101-0.290:4.2.4_02_3.0.101_0.29-0.70:1.4_3.0.101_0.29-2.270:2_3.0.101_0.29-0.160:1.6_3.0.101_0.29-0.200:1.4_3.0.101_rt130_0.16-2.270:8.4.4_3.0.101_rt130_0.16-0.220:1.4.20_3.0.101_rt130_0.16-0.380:3.0.101.rt130-0.160:2.1.1_3.0.101_rt130_0.16-0.110:1.6_3.0.101_rt130_0.16-0.200:1.5.4.1_3.0.101_rt130_0.16-0.130:5.3.17-0.270:0.12.5-1.260:6.0.41-0.450:5.3.8-0.450:5.3.17-0.230:2.11.3-17.680:3.2-147.14.200:5.2-147.14.200:11.2.202.335-0.40:11.2.202.341-0.30:11.2.202.346-0.30:11.2.202.350-0.30:11.2.202.359-0.30:11.2.202.356-0.30:11.2.202.378-0.30:11.2.202.394-0.30:11.2.202.400-0.30:11.2.202.406-0.30:11.2.202.411-0.30:11.2.202.425-0.30:9.6ESVR11W1-0.20:6.4.3.6-7.280:2.6.16-1.440:4.24-43.250:1.8.13-0.50:5.4.2.1-8.12.200:4.4.0-6.230:1.7.0.65-0.70:3.0.101-0.7.210:1.2.10-3.290:0.9.8j-0.620:1.0.1g-0.200:5.2.14-0.7.30.580:1.7.0.75-0.70:0.9.7g-146.22.270:0.9.8j-0.680:1.0.1g-0.240:1.6.17-1.310:7.19.7-1.20.350:5.2.14-0.7.30.620:2.11.3-17.660:2.11.1-0.540:5.2.14-0.7.30.600:5.3.17-0.290:1.7.0_sr7.1-0.50:1.6.0_sr16.1-0.30:1.6.3-133.49.600:3.2-147.200:5.2-147.200:1.10.10-0.20:1.4_3.0.101_rt130_0.33.38-2.28.10:8.4.4_3.0.101_rt130_0.33.38-0.23.10:1.4.20_3.0.101_rt130_0.33.38-0.39.10:3.0.101.rt130-0.33.380:2.1.1_3.0.101_rt130_0.33.38-0.12.10:1.6_3.0.101_rt130_0.33.38-0.21.10:1.5.4.1_3.0.101_rt130_0.33.38-0.14.10:7.4-27.1010:7.4-27.40.720:2.0.9-143.35.30:2.6.32.59-0.170:4.0.3_21548_18_2.6.32.59_0.17-0.90:3.0.101-0.7.270:4.1.6_08_3.0.101_0.7.27-0.50:6.00-11.90:5.52-142.250:5.2.14-0.7.30.640:5.3.17-0.330:1.0.1g-0.300:11.2.202.424-0.30:4.0.3_21548_18-0.70:4.0.3_21548_18_2.6.32.54_0.47.TDC-0.70:3.9.8-1.230:1.6.0_sr16.3-0.40:1.7.0_sr8.10-0.60:4.2.4p8-1.280:0.98.6-0.60:1.3.9-8.46.540:5.2.14-0.7.30.680:1.0.1g-0.260:2.11.3-17.740:2.11.1-0.600:2.11.3-17.45.550:1.34b-12.33.430:3.6.3-0.33.430:7.4-27.1030:7.4-27.40.740:11.2.202.429-0.40:11.2.202.438-0.30:11.2.202.440-0.30:11.2.202.442-0.30:11.2.202.451-0.30:11.2.202.457-0.30:1.7.0.75-0.90:1.10.12-0.20:31.5.0esr-0.70:31.5.0esr-0.4.20:9.9.6P1-0.70:1.4.2-0.22.250:4.2.4p8-1.29.360:4.0.3_21548_18-0.170:4.0.3_21548_18_2.6.32.54_0.55.TDC-0.170:2.0.1-1.360:11.2.202.460-0.30:11.2.202.466-0.60:11.2.202.468-0.70:7.19.7-1.20.370:1.4.2-0.22.310:0.12.5-1.280:4.0.3_21548_18-0.230:4.0.3_21548_18_2.6.32.54_0.59.TDC-0.230:4.1.6_08_3.0.101_0.7.29-0.110:5.2.14-0.7.30.700:5.3.17-0.430:7.4-27.40.760:1.4.2-0.22.270:4.0.3_21548_18-0.190:4.0.3_21548_18_2.6.32.54_0.59.TDC-0.190:0.15.1-0.290:1.10.14-0.30:5.5.43-0.90:4.4.0-6.270:9.9.6P1-0.270:1.9+git.1473844105.932298f-90:1.5.4-0.70:1.5.4-120:2.4.3-0.250:1.9+git.1443859419.95e948a-120:2014.2.4~a0~dev103-160:0.4-0.130:0.9.8j-0.910:2014.2.4.dev18-90:2014.2.4.dev19-90:2014.2.4.dev5-90:2014.2.4.dev13-90:2014.2.4.dev5-110:2014.2.4.dev3-90:2014.2-90:1.4.0-140:1.2.0-20:1.9.0-90:1.9+git.1443622531.b2b2939-90:2014.2.4~a0~dev12-130:1.1.7-110:2014.2.4.juno-140:2014.2.4.juno-170:2014.2.4.juno-290:2.1.0-140:2014.2.4~a0~dev80-200:2.1.0-110:2014.2.4.juno-150:1.6.11-0.70:1.6.11-130:2.7.0-0.70:2.7.0-90:3.10-0.130:0.15.0-90:1.0.0-110:1.2.0-110:2.20.0-90:0.4.1-90:2.3.0-90:2.11.0-0.90:4.1.9-90:4.1.9-120:4.1.9-150:1.11.1-90:0.0.5-90:3.2.3-90:2.11.3-110:1.5.2-9