Total
29575 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3263 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository." | |||||
| CVE-2007-3185 | 1 Apple | 1 Safari | 2024-11-21 | 7.8 HIGH | N/A |
| Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. | |||||
| CVE-2007-3126 | 1 Gimp | 1 Gimp | 2024-11-21 | 5.0 MEDIUM | N/A |
| Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237. | |||||
| CVE-2007-3102 | 2 Fedora Project, Openbsd | 2 Fedora Core, Openssh | 2024-11-21 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3041 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability." | |||||
| CVE-2007-3035 | 1 Microsoft | 1 Windows Media Player | 2024-11-21 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins." | |||||
| CVE-2007-2907 | 1 Ssl-explorer | 1 Ssl-explorer | 2024-11-21 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do. NOTE: the impact might be cross-site scripting (XSS) or HTTP request smuggling. | |||||
| CVE-2007-2728 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2024-11-21 | 5.0 MEDIUM | N/A |
| The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue. | |||||
| CVE-2007-2655 | 1 Netwin | 2 Surgemail, Webmail | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution. | |||||
| CVE-2007-2587 | 1 Cisco | 1 Ios | 2024-11-21 | 6.3 MEDIUM | N/A |
| The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244). | |||||
| CVE-2007-2583 | 3 Canonical, Debian, Oracle | 3 Ubuntu Linux, Debian Linux, Mysql | 2024-11-21 | 4.0 MEDIUM | N/A |
| The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. | |||||
| CVE-2007-2553 | 1 Hp | 1 Tru64 | 2024-11-21 | 7.2 HIGH | N/A |
| Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable. | |||||
| CVE-2007-2463 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix | 2024-11-21 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry. | |||||
| CVE-2007-2445 | 2 Linux, Png Reference Library | 2 Linux Kernel, Libpng | 2024-11-21 | 5.0 MEDIUM | N/A |
| The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. | |||||
| CVE-2007-2395 | 1 Apple | 1 Quicktime | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption." | |||||
| CVE-2007-2176 | 1 Mozilla | 1 Firefox | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175. | |||||
| CVE-2007-2127 | 1 Oracle | 1 E-business Suite | 2024-11-21 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), (6) Applications Manager (APPS10), and (7) Oracle Report Manager (APPS03). | |||||
| CVE-2007-2118 | 1 Oracle | 1 Database Server | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. NOTE: as of 20070424, Oracle has not disputed reliable claims that this is a buffer overflow involving the "mig utility." | |||||
| CVE-2007-2117 | 1 Oracle | 1 Database Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. NOTE: as of 20070424, Oracle has not disputed reliable claims that this involves a buffer overflow in the ctxsrv server daemon. | |||||
| CVE-2007-2116 | 1 Oracle | 1 Database Server | 2024-11-21 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters. | |||||