Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linux_enterprise_desktop
(Suse)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/krb5/krb5 • https://github.com/puppetlabs/puppet |
| #Vulnerabilities | 461 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-02-06 | CVE-2014-1483 | Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. | Ubuntu_linux, Firefox, Seamonkey, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Suse_linux_enterprise_software_development_kit | N/A | ||
| 2014-02-06 | CVE-2014-1485 | The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. | Ubuntu_linux, Firefox, Seamonkey, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2014-02-06 | CVE-2014-1488 | The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. | Ubuntu_linux, Firefox, Seamonkey, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2014-02-06 | CVE-2014-1490 | Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. | Ubuntu_linux, Debian_linux, Fedora, Firefox, Firefox_esr, Network_security_services, Seamonkey, Thunderbird, Opensuse, Enterprise_manager_ops_center, Vm_server, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2009-02-22 | CVE-2009-0040 | The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | Iphone_os, Mac_os_x, Debian_linux, Fedora, Libpng, Opensuse, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_server | N/A | ||
| 2008-03-19 | CVE-2008-0063 | The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | Mac_os_x, Mac_os_x_server, Ubuntu_linux, Debian_linux, Fedora, Kerberos_5, Opensuse, Linux, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | 7.5 | ||
| 2009-10-22 | CVE-2009-3620 | The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. | Ubuntu_linux, Fedora, Linux_kernel, Opensuse, Mrg_realtime, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server | 7.8 | ||
| 2010-07-30 | CVE-2010-2753 | Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. | Firefox, Seamonkey, Thunderbird, Opensuse, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | 8.8 | ||
| 2008-11-13 | CVE-2008-5021 | nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. | Ubuntu_linux, Debian_linux, Fedora, Firefox, Seamonkey, Thunderbird, Linux_desktop, Open_enterprise_server, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2010-05-07 | CVE-2010-1437 | Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. | Debian_linux, Linux_kernel, Opensuse, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server | 7.0 |