Ubuntu Linux@6.10 Security Vulnerabilities and Issues — Ubuntu Linux@6.10 CVE List

Lucene search

CanonicalUbuntu Linux6.10

9 matches found

CVE•added 2008/01/10 11:46 p.m.•369 views

CVE-2008-0226

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

7.5CVSS7.5AI score0.90142EPSS

CVE•added 2008/01/12 12:46 a.m.•119 views

CVE-2008-0005

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

4.3CVSS8.6AI score0.03487EPSS

CVE•added 2008/01/18 11:0 p.m.•112 views

CVE-2007-6427

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

9.3CVSS9.8AI score0.03789EPSS

CVE•added 2008/01/09 9:46 p.m.•94 views

CVE-2007-4772

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

4CVSS8.2AI score0.0108EPSS

CVE•added 2008/03/17 9:44 p.m.•80 views

CVE-2008-0888

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

9.3CVSS9.6AI score0.04114EPSS

CVE•added 2008/03/19 10:44 a.m.•75 views

CVE-2008-0062

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

9.8CVSS9.8AI score0.07232EPSS

CVE•added 2008/02/26 6:0 p.m.•61 views

CVE-2006-7232

sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.

3.5CVSS5.8AI score0.01949EPSS

CVE•added 2008/03/19 10:44 a.m.•60 views

CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

7.5CVSS8.6AI score0.04745EPSS

CVE•added 2008/03/06 9:44 p.m.•55 views

CVE-2008-1195

Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java A...

9.3CVSS8.4AI score0.16311EPSS