Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 614

Количество 331 614

nvd логотип

CVE-2007-5507

больше 18 лет назад

The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22.

CVSS2: 6.4
EPSS: Низкий
nvd логотип

CVE-2007-5506

больше 18 лет назад

The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-5505

больше 18 лет назад

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07), and (5) Advanced Security Option (DB19).

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-5504

больше 18 лет назад

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 10.1.0.5 unknown impact and remote attack vectors, related to (1) Import (DB01) and (2) Advanced Queuing (DB25). NOTE: as of 20071108, Oracle has not disputed reliable researcher claims that DB25 is for a buffer overflow in the DBLINK_INFO procedure in the DBMS_AQADM_SYS package.

CVSS2: 6.5
EPSS: Низкий
nvd логотип

CVE-2007-5503

около 18 лет назад

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.

CVSS2: 6.8
EPSS: Средний
nvd логотип

CVE-2007-5502

около 18 лет назад

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.

CVSS2: 6.4
EPSS: Низкий
nvd логотип

CVE-2007-5501

около 18 лет назад

The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-5500

около 18 лет назад

The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.

CVSS2: 4.9
EPSS: Низкий
nvd логотип

CVE-2007-5499

около 18 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none

EPSS: Низкий
nvd логотип

CVE-2007-5498

почти 18 лет назад

The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.

CVSS2: 4.9
EPSS: Низкий
nvd логотип

CVE-2007-5497

около 18 лет назад

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.

CVSS2: 5.8
EPSS: Низкий
nvd логотип

CVE-2007-5496

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.

CVSS2: 1.9
EPSS: Низкий
nvd логотип

CVE-2007-5495

больше 17 лет назад

sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.

CVSS2: 4.4
EPSS: Низкий
nvd логотип

CVE-2007-5494

около 18 лет назад

Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.

CVSS2: 4.9
EPSS: Низкий
nvd логотип

CVE-2007-5493

больше 18 лет назад

The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded.

CVSS2: 4.3
EPSS: Средний
nvd логотип

CVE-2007-5492

больше 18 лет назад

Static code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter.

CVSS2: 4.6
EPSS: Низкий
nvd логотип

CVE-2007-5491

больше 18 лет назад

Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.

CVSS2: 9
EPSS: Низкий
nvd логотип

CVE-2007-5490

больше 18 лет назад

SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-5489

больше 18 лет назад

Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-5488

больше 18 лет назад

Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.

CVSS2: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-5507

The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22.

CVSS2: 6.4
5%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5506

The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20.

CVSS2: 7.8
6%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5505

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07), and (5) Advanced Security Option (DB19).

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5504

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 10.1.0.5 unknown impact and remote attack vectors, related to (1) Import (DB01) and (2) Advanced Queuing (DB25). NOTE: as of 20071108, Oracle has not disputed reliable researcher claims that DB25 is for a buffer overflow in the DBLINK_INFO procedure in the DBMS_AQADM_SYS package.

CVSS2: 6.5
4%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5503

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.

CVSS2: 6.8
10%
Средний
около 18 лет назад
nvd логотип
CVE-2007-5502

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.

CVSS2: 6.4
0%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-5501

The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.

CVSS2: 7.8
7%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-5500

The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.

CVSS2: 4.9
0%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-5499

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none

около 18 лет назад
nvd логотип
CVE-2007-5498

The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.

CVSS2: 4.9
0%
Низкий
почти 18 лет назад
nvd логотип
CVE-2007-5497

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.

CVSS2: 5.8
8%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-5496

Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.

CVSS2: 1.9
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2007-5495

sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.

CVSS2: 4.4
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2007-5494

Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.

CVSS2: 4.9
0%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-5493

The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded.

CVSS2: 4.3
26%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-5492

Static code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter.

CVSS2: 4.6
2%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5491

Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.

CVSS2: 9
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5490

SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5489

Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

CVSS2: 7.5
4%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5488

Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад

Уязвимостей на страницу