Vulnerabilities > Redhat > Enterprise Linux > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-12-16 | CVE-2011-4739 | Credentials Management vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20 The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files. | 10.0 |
| 2011-12-16 | CVE-2011-4743 | Unspecified vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20 The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/user/create and certain other files. | 10.0 |
| 2011-12-16 | CVE-2011-4744 | Unspecified vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20 The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. | 10.0 |
| 2011-12-16 | CVE-2011-4749 | Credentials Management vulnerability in Parallels Plesk Panel 10.3.1Build1013110726.09 The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms on certain pages under admin/index.php/default. | 10.0 |
| 2010-11-05 | CVE-2010-2941 | Use After Free vulnerability in multiple products ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | 9.8 |
| 2008-08-27 | CVE-2008-3844 | Improper Input Validation vulnerability in Openbsd Openssh Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. | 9.3 |
| 2008-05-16 | CVE-2008-1423 | Numeric Errors vulnerability in Xiph.Org Libvorbis Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow. | 9.3 |
| 2008-01-08 | CVE-2008-0003 | Buffer Errors vulnerability in Openpegasus Management Server 2.6.1 Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360. | 10.0 |
| 2007-03-06 | CVE-2007-1282 | Integer Overflow vulnerability in Mozilla Seamonkey and Thunderbird Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line. | 9.3 |
| 2007-02-20 | CVE-2007-1007 | Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. | 10.0 |