Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-2798 |
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. Published: June 26, 2007; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2007-3409 |
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. Published: June 26, 2007; 2:30:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
CVE-2007-3278 |
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. Published: June 19, 2007; 5:30:00 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2007-2875 |
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. Published: June 11, 2007; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2007-2691 |
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. Published: May 15, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2007-2650 |
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file. Published: May 14, 2007; 5:19:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-2583 |
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. Published: May 09, 2007; 8:19:00 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2007-1864 |
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. Published: May 08, 2007; 8:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-1320 |
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. Published: May 02, 2007; 1:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-1322 |
QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction. Published: May 02, 2007; 1:19:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2007-1366 |
QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error. Published: May 02, 2007; 1:19:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2007-2029 |
File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file. Published: April 30, 2007; 6:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-2138 |
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." Published: April 24, 2007; 4:19:00 PM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2007-2172 |
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions. Published: April 22, 2007; 3:19:00 PM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2006-4250 |
Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag. Published: April 10, 2007; 2:19:00 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2007-0956 |
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882. Published: April 05, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-0957 |
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers. Published: April 05, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2007-1216 |
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding". Published: April 05, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2007-0994 |
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges. Published: March 05, 2007; 7:19:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-0009 |
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. Published: February 26, 2007; 3:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |