Redhat » Enterprise Linux Workstation » 4.0 : Security Vulnerabilities, CVEs, CVSS score >= 8
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Max CVSS
9.3
EPSS Score
2.16%
Published
2012-06-16
Updated
2021-07-14
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
Max CVSS
9.3
EPSS Score
3.27%
Published
2009-06-12
Updated
2024-02-02
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
Max CVSS
10.0
EPSS Score
62.12%
Published
2009-04-09
Updated
2024-02-09
3 vulnerabilities found