CVE List 2007

CVE Score Severity Package Description Published
CVE-2007-6716
4.7 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Medium kernel fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. September 4, 2008, 12:09 pm
CVE-2007-6698
4.0 MV Product/Version
affected:
Medium openldap The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability. February 1, 2008, 16:02 pm
CVE-2007-6694
7.8 MV Product/Version
affected:
CGE 5.0 Resolved
High kernel The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference. January 29, 2008, 14:01 pm
CVE-2007-6601
7.2 MV Product/Version
affected:
Professional PRO 5.0 Resolved
High postgresql The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. January 9, 2008, 15:01 pm
CVE-2007-6451
4.3 MV Product/Version
affected:
CGE 5.0 Resolved
Medium wireshark Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. December 19, 2007, 16:12 pm
CVE-2007-6450
5.0 MV Product/Version
affected:
CGE 5.0 Resolved
Medium wireshark The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. December 19, 2007, 16:12 pm
CVE-2007-6422
4.0 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium apache The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. January 8, 2008, 12:01 pm
CVE-2007-6421
3.5 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Low apache Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. January 8, 2008, 13:01 pm
CVE-2007-6420
4.3 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium apache Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. January 11, 2008, 18:01 pm
CVE-2007-6417
7.2 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
High kernel The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). December 17, 2007, 18:12 pm
CVE-2007-6388
4.3 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium apache Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. January 8, 2008, 12:01 pm
CVE-2007-6284
5.0 MV Product/Version
affected:
Medium kernel The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences. January 11, 2008, 20:01 pm
CVE-2007-6282
7.1 MV Product/Version
affected:
Professional PRO 5.0 Resolved
High kernel The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV. May 7, 2008, 19:05 pm
CVE-2007-6239
5.0 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium squid The cache update reply processing functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. December 4, 2007, 12:12 pm
CVE-2007-6206
2.1 MV Product/Version
affected:
CGE 3.1 Resolved
Consumer CEE 3.1 Resolved
Consumer CEE 3.1 Resolved
Consumer CEE 3.1 Resolved
Professional PRO 3.1 Resolved
Professional PRO 5.0 Resolved
Low kernel The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. December 3, 2007, 18:12 pm
CVE-2007-6203
4.3 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium apache Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a 413 Request Entity Too Large error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. December 3, 2007, 16:12 pm
CVE-2007-6200
10.0 MV Product/Version
affected:
CGE 6.0 Resolved
High rsync Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. December 1, 2007, 00:12 am
CVE-2007-6199
9.3 MV Product/Version
affected:
CGE 6.0 Resolved
High rsync rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the modules hierarchy. December 1, 2007, 00:12 am
CVE-2007-6151
7.2 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
High kernel The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow. December 14, 2007, 19:12 pm
CVE-2007-6067
6.8 MV Product/Version
affected:
Medium postgresql Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted complex regular expression with doubly-nested states. January 9, 2008, 15:01 pm
CVE-2007-6015
9.3 MV Product/Version
affected:
High samba Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the domain logons option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. December 13, 2007, 15:12 pm
CVE-2007-5966
7.2 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
MVL5 Kernel 2.6.24 Resolved
MVL5 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
High kernel Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information. December 19, 2007, 18:12 pm
CVE-2007-5846
7.8 MV Product/Version
affected:
Professional PRO 5.0 Resolved
High net-snmp The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. November 6, 2007, 15:11 pm
CVE-2007-5810
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium Hitachi_web_server Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature. November 5, 2007, 11:11 am
CVE-2007-5794
4.3 MV Product/Version
affected:
Medium nss_ldap Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected. November 13, 2007, 17:11 pm
CVE-2007-5707
7.1 MV Product/Version
affected:
CGE 5.1 Resolved
High openldap OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent. October 30, 2007, 14:10 pm
CVE-2007-5503
6.8 MV Product/Version
affected:
Medium cairo Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function. November 29, 2007, 19:11 pm
CVE-2007-5498
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Medium kernel The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks. May 7, 2008, 19:05 pm
CVE-2007-5497
5.8 MV Product/Version
affected:
Medium e2fsprogs Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image. December 7, 2007, 05:12 am
CVE-2007-5398
9.3 MV Product/Version
affected:
High samba Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. November 16, 2007, 12:11 pm
CVE-2007-5269
5.0 MV Product/Version
affected:
Medium libpng Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. October 8, 2007, 16:10 pm
CVE-2007-5191
6.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium kernel mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. October 4, 2007, 11:10 am
CVE-2007-5135
6.8 MV Product/Version
affected:
Medium openssl Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. September 27, 2007, 15:09 pm
CVE-2007-5116
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High perl Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. November 7, 2007, 17:11 pm
CVE-2007-5093
4.0 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Medium kernel The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 relies on user space to close the device, which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device. September 26, 2007, 16:09 pm
CVE-2007-5001
4.9 MV Product/Version
affected:
Medium kernel Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file. May 7, 2008, 19:05 pm
CVE-2007-5000
4.3 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium apache Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. December 13, 2007, 12:12 pm
CVE-2007-4995
9.3 MV Product/Version
affected:
High openssl Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. October 12, 2007, 20:10 pm
CVE-2007-4965
5.8 MV Product/Version
affected:
Medium python Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. September 18, 2007, 17:09 pm
CVE-2007-4826
3.5 MV Product/Version
affected:
Low quagga bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled. September 12, 2007, 05:09 am
CVE-2007-4782
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
Medium php PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a *[1]e value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. September 10, 2007, 16:09 pm
CVE-2007-4772
4.0 MV Product/Version
affected:
Medium postgresql The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. January 9, 2008, 15:01 pm
CVE-2007-4769
6.8 MV Product/Version
affected:
Medium postgresql The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number. January 9, 2008, 15:01 pm
CVE-2007-4752
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High openssh ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. September 11, 2007, 20:09 pm
CVE-2007-4657
7.5 MV Product/Version
affected:
High php Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. September 4, 2007, 17:09 pm
CVE-2007-4573
7.2 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
MVL5 Kernel 2.6.29 Resolved
High kernel The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register. September 24, 2007, 17:09 pm
CVE-2007-4572
9.3 MV Product/Version
affected:
High samba Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. November 16, 2007, 12:11 pm
CVE-2007-4571
2.1 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Low kernel The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc. September 26, 2007, 05:09 am
CVE-2007-4570
1.9 MV Product/Version
affected:
Low mcstrans Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels. November 9, 2007, 18:11 pm
CVE-2007-4567
7.8 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
High kernel The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. December 20, 2007, 18:12 pm
CVE-2007-4476
7.5 MV Product/Version
affected:
High tar Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a crashing stack. September 4, 2007, 20:09 pm
CVE-2007-4131
6.8 MV Product/Version
affected:
Medium tar Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. August 24, 2007, 19:08 pm
CVE-2007-4091
6.8 MV Product/Version
affected:
CGE 6.0 Resolved
Medium rsync Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. August 15, 2007, 19:08 pm
CVE-2007-3998
5.0 MV Product/Version
affected:
Medium php The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a chr(0), 0, argument set. September 4, 2007, 13:09 pm
CVE-2007-3996
6.8 MV Product/Version
affected:
Medium php Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. September 4, 2007, 13:09 pm
CVE-2007-3806
6.8 MV Product/Version
affected:
Medium php The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. July 16, 2007, 19:07 pm
CVE-2007-3799
4.3 MV Product/Version
affected:
Medium php The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. July 16, 2007, 17:07 pm
CVE-2007-3798
6.8 MV Product/Version
affected:
Medium tcpdump Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. July 16, 2007, 17:07 pm
CVE-2007-3389
5.0 MV Product/Version
affected:
CGE 5.0 Resolved
Medium wireshark Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. June 25, 2007, 19:06 pm
CVE-2007-3374
4.6 MV Product/Version
affected:
Medium cluster_suite Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages. June 25, 2007, 15:06 pm
CVE-2007-3278
6.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium postgresql PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. June 19, 2007, 16:06 pm
CVE-2007-3108
1.2 MV Product/Version
affected:
CGE 7.0 Resolved
Low openssl The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. August 7, 2007, 20:08 pm
CVE-2007-3107
2.1 MV Product/Version
affected:
Low kernel The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits. July 10, 2007, 17:07 pm
CVE-2007-2953
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium vim Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. July 31, 2007, 05:07 am
CVE-2007-2926
4.3 MV Product/Version
affected:
Medium bind ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. July 24, 2007, 12:07 pm
CVE-2007-2876
6.1 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0 Resolved
Medium kernel The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference. June 11, 2007, 18:06 pm
CVE-2007-2754
6.8 MV Product/Version
affected:
Medium freetype Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. May 17, 2007, 17:05 pm
CVE-2007-2509
2.6 MV Product/Version
affected:
Low php CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. May 8, 2007, 19:05 pm
CVE-2007-2453
1.2 MV Product/Version
affected:
Consumer Mobilinux 4.0 Resolved
Professional PRO 5.0 Resolved
Low kernel The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. June 11, 2007, 18:06 pm
CVE-2007-2451
5.0 MV Product/Version
affected:
Medium kernel Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors. May 29, 2007, 15:05 pm
CVE-2007-2447
6.0 MV Product/Version
affected:
Medium samba The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the username map script smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. May 14, 2007, 16:05 pm
CVE-2007-2446
10.0 MV Product/Version
affected:
High samba Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). May 14, 2007, 16:05 pm
CVE-2007-2445
5.0 MV Product/Version
affected:
Medium libpng The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. May 16, 2007, 17:05 pm
CVE-2007-2438
7.6 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
High vim The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. May 2, 2007, 16:05 pm
CVE-2007-2243
5.0 MV Product/Version
affected:
Medium openssh OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. April 25, 2007, 11:04 am
CVE-2007-2242
7.8 MV Product/Version
affected:
Professional PRO 5.0 Resolved
High ipv6 The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. April 25, 2007, 11:04 am
CVE-2007-2165
5.1 MV Product/Version
affected:
Medium proftpd The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd. April 22, 2007, 14:04 pm
CVE-2007-2138
6.0 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium postgresql Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to search_path settings. April 24, 2007, 15:04 pm
CVE-2007-2052
5.0 MV Product/Version
affected:
Medium python Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. April 16, 2007, 17:04 pm
CVE-2007-1887
7.5 MV Product/Version
affected:
High php Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character. April 5, 2007, 20:04 pm
CVE-2007-1863
5.0 MV Product/Version
affected:
Medium apache cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. June 27, 2007, 12:06 pm
CVE-2007-1861
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium kernel The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow. May 7, 2007, 14:05 pm
CVE-2007-1841
4.3 MV Product/Version
affected:
Medium ipsec-tools The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages. April 10, 2007, 17:04 pm
CVE-2007-1718
7.8 MV Product/Version
affected:
Professional PRO 5.0 Resolved
High php CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro. March 27, 2007, 19:03 pm
CVE-2007-1660
6.8 MV Product/Version
affected:
Medium pcre Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified multiple forms of character class, which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. November 7, 2007, 17:11 pm
CVE-2007-1659
6.8 MV Product/Version
affected:
Medium pcre Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched \Q\E sequences with orphan \E codes. November 7, 2007, 17:11 pm
CVE-2007-1592
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Medium kernel net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket. March 22, 2007, 14:03 pm
CVE-2007-1560
5.0 MV Product/Version
affected:
Medium squid The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error. March 21, 2007, 13:03 pm
CVE-2007-1536
9.3 MV Product/Version
affected:
High file Integer underflow in the file_printf function in the file program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. March 20, 2007, 15:03 pm
CVE-2007-1497
5.0 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium kernel nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. March 16, 2007, 17:03 pm
CVE-2007-1496
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium kernel nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using multiple packets per netlink message, and (3) bridged packets, which trigger a NULL pointer dereference. March 16, 2007, 17:03 pm
CVE-2007-1351
8.5 MV Product/Version
affected:
High openssl Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. April 5, 2007, 20:04 pm
CVE-2007-1286
6.8 MV Product/Version
affected:
Medium php Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter. March 6, 2007, 14:03 pm
CVE-2007-1218
6.8 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium tcpdump Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based. March 2, 2007, 15:03 pm
CVE-2007-1217
6.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Medium kernel Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet. March 2, 2007, 15:03 pm
CVE-2007-1001
6.8 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium php Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values. April 5, 2007, 19:04 pm
CVE-2007-1000
7.2 MV Product/Version
affected:
Professional PRO 5.0 Resolved
High kernel The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference. March 12, 2007, 18:03 pm
CVE-2007-0998
4.3 MV Product/Version
affected:
CGE 6.0 Resolved
Medium qemu The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information. March 20, 2007, 05:03 am
CVE-2007-0988
4.3 MV Product/Version
affected:
Medium php The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an a:2147483649:{ argument. February 20, 2007, 11:02 am
CVE-2007-0958
2.1 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Low kernel Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073. February 15, 2007, 12:02 pm
CVE-2007-0910
10.0 MV Product/Version
affected:
High php Unspecified vulnerability in PHP before 5.2.1 allows attackers to clobber certain super-global variables via unspecified vectors. February 13, 2007, 17:02 pm
CVE-2007-0909
7.5 MV Product/Version
affected:
High php Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. February 13, 2007, 17:02 pm
CVE-2007-0908
5.0 MV Product/Version
affected:
Medium php The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable. February 13, 2007, 17:02 pm
CVE-2007-0907
5.0 MV Product/Version
affected:
Medium php Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. February 13, 2007, 17:02 pm
CVE-2007-0906
7.5 MV Product/Version
affected:
High php Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825). February 13, 2007, 17:02 pm
CVE-2007-0555
8.5 MV Product/Version
affected:
Professional PRO 5.0 Resolved
High postgresql PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. February 5, 2007, 19:02 pm
CVE-2007-0494
4.3 MV Product/Version
affected:
Medium bind ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the DNSSEC Validation vulnerability. January 25, 2007, 14:01 pm
CVE-2007-0493
7.8 MV Product/Version
affected:
High bind Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to dereference a freed fetch context. January 25, 2007, 14:01 pm
CVE-2007-0454
7.5 MV Product/Version
affected:
High samba Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. February 5, 2007, 20:02 pm
CVE-2007-0452
6.8 MV Product/Version
affected:
Medium samba smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. February 5, 2007, 20:02 pm
CVE-2007-0248
5.0 MV Product/Version
affected:
Medium squid The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop. January 16, 2007, 12:01 pm
CVE-2007-0247
5.0 MV Product/Version
affected:
Medium squid squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions. January 16, 2007, 12:01 pm
CVE-2007-0062
10.0 MV Product/Version
affected:
High ace Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients. September 21, 2007, 14:09 pm
CVE-2007-0005
6.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium omnikey_cardman_4040 Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges. March 9, 2007, 18:03 pm