Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5197 | 4 Debian, Mono, Opensuse and 1 more | 6 Debian Linux, Mono, Opensuse and 3 more | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods. | |||||
CVE-2007-2834 | 4 Apache, Canonical, Debian and 1 more | 5 Openoffice, Ubuntu Linux, Debian Linux and 2 more | 2024-02-04 | 9.3 HIGH | N/A |
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow. | |||||
CVE-2006-4343 | 3 Canonical, Debian, Openssl | 3 Ubuntu Linux, Debian Linux, Openssl | 2024-02-04 | 4.3 MEDIUM | N/A |
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. | |||||
CVE-2007-6284 | 3 Debian, Mandrakesoft, Redhat | 4 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences. | |||||
CVE-2008-0162 | 2 Debian, Sam Lantinga | 2 Debian Linux, Splitvt | 2024-02-04 | 7.2 HIGH | N/A |
misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges. | |||||
CVE-2007-4772 | 4 Canonical, Debian, Postgresql and 1 more | 4 Ubuntu Linux, Debian Linux, Postgresql and 1 more | 2024-02-04 | 4.0 MEDIUM | N/A |
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. | |||||
CVE-2006-6501 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-02-04 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. | |||||
CVE-2007-2691 | 3 Canonical, Debian, Mysql | 3 Ubuntu Linux, Debian Linux, Mysql | 2024-02-04 | 4.9 MEDIUM | N/A |
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. | |||||
CVE-2007-2138 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2024-02-04 | 6.0 MEDIUM | N/A |
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." | |||||
CVE-2007-2875 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. | |||||
CVE-2007-1665 | 2 Debian, Ekg | 2 Debian Linux, Ekg | 2024-02-04 | 5.0 MEDIUM | N/A |
Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service. | |||||
CVE-2006-6503 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-02-04 | 6.8 MEDIUM | N/A |
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI. | |||||
CVE-2006-1564 | 1 Debian | 1 Debian Linux | 2024-02-04 | 4.6 MEDIUM | N/A |
Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory. | |||||
CVE-2005-1111 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Cpio | 2024-02-04 | 3.7 LOW | 4.7 MEDIUM |
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | |||||
CVE-2005-2459 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 5.0 MEDIUM | N/A |
The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458. | |||||
CVE-2005-0004 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2024-02-04 | 4.6 MEDIUM | N/A |
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. | |||||
CVE-2004-1174 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-02-04 | 5.0 MEDIUM | N/A |
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." | |||||
CVE-2006-1244 | 4 Debian, Gnome, Libextractor and 1 more | 4 Debian Linux, Gpdf, Libextractor and 1 more | 2024-02-04 | 7.6 HIGH | N/A |
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature. | |||||
CVE-2004-1009 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
CVE-2004-0980 | 3 Angus Mackay, Debian, Gentoo | 3 Ez-ipupdate, Debian Linux, Linux | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code. |