Vulnerabilities > Suse > Linux Enterprise Debuginfo > 10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-10-22 | CVE-2009-3620 | Use of Uninitialized Resource vulnerability in multiple products The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. | 7.8 |
2009-07-22 | CVE-2009-2472 | Cross-Site Scripting vulnerability in multiple products Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." | 4.3 |