Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2011-06-21 CVE-2011-1755 XML Entity Expansion vulnerability in multiple products
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
network
low complexity
jabberd2 fedoraproject apple CWE-776
7.5
2011-02-23 CVE-2011-0019 Improper Input Validation vulnerability in multiple products
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.
network
low complexity
fedoraproject redhat CWE-20
7.5
2011-02-18 CVE-2010-3441 Classic Buffer Overflow vulnerability in multiple products
Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on a command line.
network
low complexity
moinejf fedoraproject CWE-120
7.5
2010-12-22 CVE-2010-4577 Type Confusion vulnerability in multiple products
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
network
low complexity
webkitgtk google fedoraproject debian CWE-843
7.5
2010-12-07 CVE-2010-4494 Double Free vulnerability in Google Chrome
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
7.5
2010-11-17 CVE-2010-4168 Use After Free vulnerability in multiple products
Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.
network
low complexity
openttd fedoraproject CWE-416
7.5
2010-11-06 CVE-2010-4204 Denial of Service vulnerability in Google Chrome
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google webkitgtk fedoraproject
7.5
2010-11-06 CVE-2010-4197 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
network
low complexity
google webkitgtk fedoraproject CWE-416
7.5
2010-11-05 CVE-2010-3702 Null Pointer Dereference vulnerability in multiple products
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
7.5
2010-09-24 CVE-2010-1772 Use After Free vulnerability in multiple products
Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.
8.8