VYPR

linux

by Debian

Source repositories

CVEs (3,007)

  • CVE-2007-6427Jan 18, 2008
    risk 0.00cvss epss 0.04

    The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

  • CVE-2007-6284Jan 12, 2008
    risk 0.00cvss epss 0.03

    The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

  • CVE-2007-4772Jan 9, 2008
    risk 0.00cvss epss 0.04

    The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

  • CVE-2007-6601Jan 9, 2008
    risk 0.00cvss epss 0.02

    The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists…

  • CVE-2007-6599Jan 4, 2008
    risk 0.00cvss epss 0.02

    Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to…

  • CVE-2007-6353Dec 20, 2007
    risk 0.00cvss epss 0.05

    Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

  • CVE-2007-6418Dec 18, 2007
    risk 0.00cvss epss 0.00

    The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.

  • CVE-2007-6206Dec 4, 2007
    risk 0.00cvss epss 0.00

    The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain…

  • CVE-2007-6170Nov 30, 2007
    risk 0.00cvss epss 0.03

    SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2)…

  • CVE-2007-5729Oct 30, 2007
    risk 0.00cvss epss 0.01

    The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some…

  • CVE-2007-1321Oct 30, 2007
    risk 0.00cvss epss 0.00

    Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE:…

  • CVE-2007-5730Oct 30, 2007
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to…

  • CVE-2007-5191Oct 4, 2007
    risk 0.00cvss epss 0.00

    mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

  • CVE-2007-4657Sep 4, 2007
    risk 0.00cvss epss 0.03

    Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an…

  • CVE-2007-3998Sep 4, 2007
    risk 0.00cvss epss 0.03

    The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated…

  • CVE-2007-2443Jun 26, 2007
    risk 0.00cvss epss 0.03

    Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.

  • CVE-2007-2833Jun 21, 2007
    risk 0.00cvss epss 0.02

    Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

  • CVE-2007-3278Jun 19, 2007
    risk 0.00cvss epss 0.01

    PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the…

  • CVE-2007-2875Jun 11, 2007
    risk 0.00cvss epss 0.00

    Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.

  • CVE-2007-2691May 16, 2007
    risk 0.00cvss epss 0.03

    MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Page 142 of 151