Vulnerabilities (CVE)

Filtered by vendor Suse Subscribe
Filtered by product Linux Enterprise Server
Total 498 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-3960 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Seamonkey and 11 more 2024-11-21 10.0 HIGH N/A
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-3959 6 Canonical, Debian, Mozilla and 3 more 15 Ubuntu Linux, Debian Linux, Firefox and 12 more 2024-11-21 10.0 HIGH N/A
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-3957 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Seamonkey and 11 more 2024-11-21 10.0 HIGH N/A
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-3956 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Seamonkey and 11 more 2024-11-21 10.0 HIGH N/A
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-3867 6 Canonical, Debian, Opensuse and 3 more 8 Ubuntu Linux, Debian Linux, Opensuse and 5 more 2024-11-21 4.3 MEDIUM N/A
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
CVE-2012-3515 7 Canonical, Debian, Opensuse and 4 more 14 Ubuntu Linux, Debian Linux, Opensuse and 11 more 2024-11-21 7.2 HIGH N/A
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
CVE-2012-1976 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Seamonkey and 11 more 2024-11-21 10.0 HIGH N/A
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1975 6 Canonical, Debian, Mozilla and 3 more 15 Ubuntu Linux, Debian Linux, Firefox and 12 more 2024-11-21 10.0 HIGH N/A
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1974 6 Canonical, Debian, Mozilla and 3 more 15 Ubuntu Linux, Debian Linux, Firefox and 12 more 2024-11-21 10.0 HIGH N/A
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1973 6 Canonical, Debian, Mozilla and 3 more 15 Ubuntu Linux, Debian Linux, Firefox and 12 more 2024-11-21 10.0 HIGH N/A
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1972 6 Canonical, Debian, Mozilla and 3 more 15 Ubuntu Linux, Debian Linux, Firefox and 12 more 2024-11-21 10.0 HIGH N/A
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-1970 6 Canonical, Debian, Mozilla and 3 more 15 Ubuntu Linux, Debian Linux, Firefox and 12 more 2024-11-21 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-1938 4 Mozilla, Opensuse, Redhat and 1 more 13 Firefox, Seamonkey, Thunderbird and 10 more 2024-11-21 9.3 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.
CVE-2012-1823 8 Apple, Debian, Fedoraproject and 5 more 17 Mac Os X, Debian Linux, Fedora and 14 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
CVE-2012-1717 5 Linux, Oracle, Redhat and 2 more 19 Linux Kernel, Jdk, Jre and 16 more 2024-11-21 2.1 LOW N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
CVE-2012-1146 3 Fedoraproject, Linux, Suse 5 Fedora, Linux Kernel, Linux Enterprise Desktop and 2 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.
CVE-2012-1097 3 Linux, Redhat, Suse 6 Linux Kernel, Enterprise Linux, Enterprise Mrg and 3 more 2024-11-21 7.2 HIGH 7.8 HIGH
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
CVE-2012-1090 3 Linux, Redhat, Suse 5 Linux Kernel, Enterprise Mrg, Linux Enterprise Desktop and 2 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
CVE-2012-0879 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
CVE-2012-0507 4 Debian, Oracle, Sun and 1 more 7 Debian Linux, Jre, Jre and 4 more 2024-11-21 10.0 HIGH N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.