Vulnerabilities > Suse > Linux Enterprise Desktop > Critical

DATE CVE VULNERABILITY TITLE RISK
2012-02-01 CVE-2011-3659 USE After Free vulnerability in multiple products
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
network
mozilla opensuse suse CWE-416
critical
9.3
2012-02-01 CVE-2012-0442 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
mozilla debian opensuse suse
critical
9.3
2012-02-01 CVE-2012-0444 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
network
low complexity
mozilla debian opensuse suse canonical CWE-119
critical
10.0
2012-02-01 CVE-2012-0449 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.
network
mozilla debian opensuse suse CWE-119
critical
9.3
2011-12-25 CVE-2011-4862 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
10.0
2011-11-11 CVE-2011-3439 Out-Of-Bounds Write vulnerability in multiple products
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
network
apple suse CWE-787
critical
9.3
2010-06-10 CVE-2010-0395 OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. 9.3
2008-01-18 CVE-2007-6427 Out-Of-Bounds Write vulnerability in multiple products
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
9.3