Lucene search

K
CanonicalUbuntu Linux7.04

36 matches found

CVE
CVE
added 2007/12/13 6:46 p.m.265 views

CVE-2007-5000

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified v...

4.3CVSS8AI score0.88672EPSS
CVE
CVE
added 2007/03/30 12:19 a.m.248 views

CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

5CVSS7.2AI score0.17682EPSS
CVE
CVE
added 2007/04/24 8:19 p.m.194 views

CVE-2007-2138

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "sear...

6CVSS8.5AI score0.01282EPSS
CVE
CVE
added 2007/06/27 5:30 p.m.191 views

CVE-2006-5752

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with bro...

4.3CVSS5.7AI score0.15092EPSS
CVE
CVE
added 2007/12/20 1:46 a.m.161 views

CVE-2007-6353

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

7.5CVSS7.4AI score0.0234EPSS
CVE
CVE
added 2007/06/20 10:30 p.m.140 views

CVE-2007-3304

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

4.7CVSS6.2AI score0.00126EPSS
CVE
CVE
added 2007/05/10 12:19 a.m.118 views

CVE-2007-2583

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

4CVSS5.8AI score0.03526EPSS
CVE
CVE
added 2007/08/23 10:17 p.m.118 views

CVE-2007-3847

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

5CVSS9.2AI score0.04041EPSS
CVE
CVE
added 2007/05/16 1:19 a.m.104 views

CVE-2007-2691

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

4.9CVSS6AI score0.01016EPSS
CVE
CVE
added 2007/05/09 12:19 a.m.102 views

CVE-2007-1864

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

7.5CVSS7.6AI score0.04837EPSS
CVE
CVE
added 2007/09/05 1:17 a.m.102 views

CVE-2007-4476

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

7.5CVSS7.5AI score0.11809EPSS
CVE
CVE
added 2007/12/04 12:46 a.m.100 views

CVE-2007-6206

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information...

2.1CVSS5.2AI score0.00076EPSS
CVE
CVE
added 2007/01/30 5:28 p.m.95 views

CVE-2007-0455

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

7.5CVSS7.2AI score0.05654EPSS
CVE
CVE
added 2007/09/04 10:17 p.m.90 views

CVE-2007-4657

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:...

7.5CVSS7.5AI score0.06909EPSS
CVE
CVE
added 2007/07/16 10:30 p.m.85 views

CVE-2007-3798

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

9.8CVSS9.8AI score0.74399EPSS
CVE
CVE
added 2007/04/06 1:19 a.m.83 views

CVE-2007-1887

Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with ...

7.5CVSS7.9AI score0.02863EPSS
CVE
CVE
added 2007/10/04 4:17 p.m.83 views

CVE-2007-5191

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

7.2CVSS6.2AI score0.00097EPSS
CVE
CVE
added 2007/06/26 10:30 p.m.80 views

CVE-2007-2443

Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.

8.3CVSS9.5AI score0.2536EPSS
CVE
CVE
added 2007/07/30 11:17 p.m.80 views

CVE-2007-3387

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that trigg...

6.8CVSS7.9AI score0.11401EPSS
CVE
CVE
added 2007/05/14 9:19 p.m.79 views

CVE-2007-2444

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

7.2CVSS6.3AI score0.08832EPSS
CVE
CVE
added 2007/03/24 9:19 p.m.78 views

CVE-2007-1667

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negativ...

9.3CVSS7.7AI score0.0114EPSS
CVE
CVE
added 2007/09/04 6:17 p.m.78 views

CVE-2007-3998

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""'...

5CVSS7.4AI score0.06465EPSS
CVE
CVE
added 2007/06/26 10:30 p.m.77 views

CVE-2007-2442

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

10CVSS9.5AI score0.39316EPSS
CVE
CVE
added 2007/04/22 7:19 p.m.73 views

CVE-2007-2172

A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.

4.7CVSS5.4AI score0.00068EPSS
CVE
CVE
added 2007/06/26 10:30 p.m.73 views

CVE-2007-2798

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

9CVSS9.4AI score0.1489EPSS
CVE
CVE
added 2007/09/24 10:17 p.m.73 views

CVE-2007-4988

Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

7.8CVSS7.8AI score0.0199EPSS
CVE
CVE
added 2007/10/08 9:17 p.m.67 views

CVE-2007-5268

pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.

4.3CVSS8.9AI score0.15258EPSS
CVE
CVE
added 2007/09/21 7:17 p.m.64 views

CVE-2007-0063

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allow...

10CVSS7.4AI score0.0759EPSS
CVE
CVE
added 2007/06/11 10:30 p.m.64 views

CVE-2007-2875

Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.

2.1CVSS5.5AI score0.00094EPSS
CVE
CVE
added 2007/09/18 9:17 p.m.62 views

CVE-2007-2834

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of me...

9.3CVSS7.7AI score0.10713EPSS
CVE
CVE
added 2007/07/04 3:30 p.m.59 views

CVE-2007-2949

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

6.8CVSS7.4AI score0.32609EPSS
CVE
CVE
added 2007/09/21 7:17 p.m.58 views

CVE-2007-0061

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to...

10CVSS7.3AI score0.14666EPSS
CVE
CVE
added 2007/05/16 10:30 p.m.57 views

CVE-2007-2728

The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.

5CVSS6.3AI score0.01266EPSS
CVE
CVE
added 2007/09/21 7:17 p.m.55 views

CVE-2007-4497

Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users wit...

5.5CVSS6.1AI score0.00318EPSS
CVE
CVE
added 2007/09/21 7:17 p.m.54 views

CVE-2007-5023

Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privile...

6.9CVSS6.7AI score0.00072EPSS
CVE
CVE
added 2007/09/21 7:17 p.m.53 views

CVE-2007-4496

Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authentic...

6.5CVSS7AI score0.00336EPSS