Redhat Enterprise Linux Desktop vulnerabilities

CVE-2012-1938 [CRITICAL] CVE-2012-1938: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbi Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArray

CVE-2012-0247 [HIGH] CWE-20 CVE-2012-0247: ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corrupt ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

CVE-2012-1798 [MEDIUM] CWE-125 CVE-2012-1798: The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote atta The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

CVE-2012-0260 [MEDIUM] CWE-400 CVE-2012-0260: The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attacke The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

CVE-2012-0248 [MEDIUM] CWE-835 CVE-2012-0248: ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

CVE-2011-2517 [HIGH] CWE-119 CVE-2011-2517: Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value.

CVE-2012-1823 [CRITICAL] CWE-77 CVE-2012-1823: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (ak sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for

CVE-2012-1688 [MEDIUM] CVE-2012-1688: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

CVE-2012-1703 [MEDIUM] CVE-2012-1703: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.

CVE-2012-1690 [MEDIUM] CVE-2012-1690: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.

CVE-2011-3045 [HIGH] CVE-2011-3045: Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

CVE-2012-0053 [MEDIUM] CVE-2012-0053: protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header informat protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

CVE-2012-0031 [MEDIUM] CVE-2012-0031: scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

CVE-2011-3919 [HIGH] CWE-787 CVE-2011-3919: Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote at Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-4517 [MEDIUM] CWE-787 CVE-2011-4517: The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data typ The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a

CVE-2011-3905 [MEDIUM] CWE-125 CVE-2011-3905: libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of s libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-2834 [MEDIUM] CWE-415 CVE-2011-2834: Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote at Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

CVE-2011-1776 [MEDIUM] CVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check th The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecti

CVE-2011-3389 [MEDIUM] CWE-326 CVE-2011-3389: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Expl The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA)

CVE-2011-2821 [HIGH] CWE-415 CVE-2011-2821: Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote at Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.