Ubuntu Linux@5.10 Security Vulnerabilities and Issues — Ubuntu Linux@5.10 CVE List

Lucene search

CanonicalUbuntu Linux5.10

10 matches found

CVE•added 2007/02/26 8:28 p.m.•85 views

CVE-2007-0009

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attac...

6.8CVSS7.9AI score0.48677EPSS

CVE•added 2007/04/06 1:19 a.m.•81 views

CVE-2007-1216

Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary co...

9CVSS9.3AI score0.11518EPSS

CVE•added 2007/02/13 11:28 p.m.•72 views

CVE-2007-0908

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befor...

5CVSS7.3AI score0.14752EPSS

CVE•added 2007/04/06 1:19 a.m.•72 views

CVE-2007-0957

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via...

9CVSS9.6AI score0.13223EPSS

CVE•added 2007/02/20 5:28 p.m.•68 views

CVE-2007-0988

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for...

4.3CVSS7.3AI score0.01781EPSS

CVE•added 2007/04/06 1:19 a.m.•66 views

CVE-2007-0956

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

10CVSS9.6AI score0.9135EPSS

CVE•added 2007/02/26 7:28 p.m.•58 views

CVE-2007-0777

The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.

9.3CVSS7.3AI score0.41894EPSS

CVE•added 2007/02/26 8:28 p.m.•58 views

CVE-2007-0778

The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when ...

5.4CVSS5.7AI score0.01036EPSS

CVE•added 2007/02/26 8:28 p.m.•54 views

CVE-2007-0780

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in comb...

6.8CVSS5.3AI score0.01684EPSS

CVE•added 2007/03/21 7:19 p.m.•51 views

CVE-2007-1562

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

6.8CVSS5.5AI score0.29035EPSS