Vulnerabilities > Redhat > Enterprise Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-09-24 | CVE-2010-1772 | Use After Free vulnerability in multiple products Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document. | 8.8 |
| 2010-03-05 | CVE-2010-0302 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. | 7.5 |
| 2010-01-09 | CVE-2010-0013 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2009-11-20 | CVE-2009-3553 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. | 7.5 |
| 2009-06-12 | CVE-2009-1837 | Use After Free vulnerability in multiple products Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. | 7.5 |
| 2008-12-11 | CVE-2008-5422 | Permissions, Privileges, and Access Controls vulnerability in SUN RAY Server Software Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. | 7.5 |
| 2008-08-01 | CVE-2008-1376 | Permissions, Privileges, and Access Controls vulnerability in Redhat NFS Utils 1.0.9 A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions. | 7.5 |
| 2008-05-23 | CVE-2008-1767 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat products Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. | 7.5 |
| 2008-05-14 | CVE-2008-1944 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xensource XEN 3.0/3.0.3 Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages." https://bugzilla.redhat.com/show_bug.cgi?id=443078 "The PVFB backend is a user space program running as root in dom0" | 7.2 |
| 2008-05-08 | CVE-2008-2112 | Privilege Escalation vulnerability in SUN RAY Server Software 4.0 Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig. | 8.5 |