High

DATE	CVE	VULNERABILITY TITLE	RISK
2013-04-03	CVE-2012-6129	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets." Per http://www.ubuntu.com/usn/USN-1747-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10" Per https://bugzilla.redhat.com/show_bug.cgi?id=909934 " This issue affects the version of the transmission package, as shipped with Fedora release of 16. network low complexity transmissionbt canonical fedoraproject CWE-119	7.5
2012-10-01	CVE-2012-4415	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name. network low complexity fedoraproject guac-dev CWE-119	7.5
2011-07-21	CVE-2011-2520	Deserialization of Untrusted Data vulnerability in multiple products fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object. local low complexity redhat fedoraproject CWE-502	7.8
2011-07-17	CVE-2011-2692	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. network low complexity libpng fedoraproject debian canonical CWE-119	8.8
2011-06-24	CVE-2011-1770	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. network low complexity linux fedoraproject CWE-191	7.5
2011-06-21	CVE-2011-1755	XML Entity Expansion vulnerability in multiple products jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. network low complexity jabberd2 fedoraproject apple CWE-776	7.5
2011-02-23	CVE-2011-0019	Improper Input Validation vulnerability in multiple products slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. network low complexity fedoraproject redhat CWE-20	7.5
2011-02-18	CVE-2010-3441	Classic Buffer Overflow vulnerability in multiple products Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on a command line. network low complexity moinejf fedoraproject CWE-120	7.5
2010-12-22	CVE-2010-4577	Type Confusion vulnerability in multiple products The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." network low complexity webkitgtk google fedoraproject debian CWE-843	7.5
2010-12-07	CVE-2010-4494	Double Free vulnerability in Google Chrome Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. network low complexity google xmlsoft apple opensuse suse fedoraproject redhat debian hp apache CWE-415	7.5