Suse Linux Enterprise Desktop vulnerabilities

CVE-2012-3976 [MEDIUM] CWE-200 CVE-2012-3976: Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not proper Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

CVE-2012-1535 [HIGH] CWE-20 CVE-2012-1535: Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and befo Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.

CVE-2012-3867 [MEDIUM] CWE-264 CVE-2012-3867: lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate

CVE-2011-1477 [HIGH] CWE-119 CVE-2011-1477: Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.

CVE-2012-1717 [LOW] CVE-2012-1717: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.

CVE-2012-2037 [CRITICAL] CVE-2012-2037: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1 Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via

CVE-2012-2040 [CRITICAL] CWE-426 CVE-2012-2040: Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11 Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain priv

CVE-2012-2035 [CRITICAL] CWE-787 CVE-2012-2035: Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecifi

CVE-2012-2039 [CRITICAL] CWE-476 CVE-2012-2039: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1 Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer d

CVE-2012-2036 [CRITICAL] CWE-190 CVE-2012-2036: Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows an Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.

CVE-2012-2034 [HIGH] CWE-119 CVE-2012-2034: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1 Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption)

CVE-2012-2038 [MEDIUM] CWE-200 CVE-2012-2038: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1 Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information

CVE-2012-0507 [CRITICAL] CVE-2012-0507: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 201

CVE-2012-1938 [CRITICAL] CVE-2012-1938: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbi Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArray

CVE-2012-1097 [HIGH] CWE-476 CVE-2012-1097: The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.

CVE-2012-1146 [MEDIUM] CWE-476 CVE-2012-1146: The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold ev

CVE-2012-1090 [MEDIUM] CWE-20 CVE-2012-1090: The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to ca The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.

CVE-2012-0879 [MEDIUM] CWE-400 CVE-2012-0879: The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.

CVE-2011-3970 [MEDIUM] CWE-125 CVE-2011-3970: libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of s libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2012-0449 [CRITICAL] CWE-119 CVE-2012-0449: Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, an Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.