Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-0009 |
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. Published: February 26, 2007; 3:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-0778 |
The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache. Published: February 26, 2007; 3:28:00 PM -0500 |
V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2007-0780 |
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI. Published: February 26, 2007; 3:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-0777 |
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption. Published: February 26, 2007; 2:28:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-0988 |
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument. Published: February 20, 2007; 12:28:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-0908 |
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable. Published: February 13, 2007; 6:28:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-7232 |
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. Published: December 31, 2006; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2006-6499 |
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision. Published: December 19, 2006; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2006-6500 |
Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap. Published: December 19, 2006; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-6501 |
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. Published: December 19, 2006; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-6503 |
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI. Published: December 19, 2006; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-6504 |
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption. Published: December 19, 2006; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-5868 |
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. Published: November 21, 2006; 8:07:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-4343 |
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. Published: September 28, 2006; 2:07:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2006-4093 |
Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." Published: August 21, 2006; 5:04:00 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2006-2661 |
ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. Published: May 30, 2006; 3:02:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |