Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 614

Количество 331 614

nvd логотип

CVE-2007-0010

около 19 лет назад

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.

CVSS2: 2.1
EPSS: Низкий
nvd логотип

CVE-2007-0009

почти 19 лет назад

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

CVSS2: 6.8
EPSS: Средний
nvd логотип

CVE-2007-0008

почти 19 лет назад

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

CVSS2: 6.8
EPSS: Средний
nvd логотип

CVE-2007-0007

почти 19 лет назад

gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.

CVSS2: 3.6
EPSS: Низкий
nvd логотип

CVE-2007-0006

около 19 лет назад

The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."

CVSS2: 1.9
EPSS: Низкий
nvd логотип

CVE-2007-0005

почти 19 лет назад

Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.

CVSS2: 6.9
EPSS: Низкий
nvd логотип

CVE-2007-0004

больше 18 лет назад

The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.

CVSS2: 1.9
EPSS: Низкий
nvd логотип

CVE-2007-0003

около 19 лет назад

pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.

CVSS2: 7.2
EPSS: Низкий
nvd логотип

CVE-2007-0002

почти 19 лет назад

Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.

CVSS2: 9.3
EPSS: Низкий
nvd логотип

CVE-2007-0001

почти 19 лет назад

The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.

CVSS2: 4.7
EPSS: Низкий
nvd логотип

CVE-2006-7254

почти 7 лет назад

The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.

CVSS3: 5.5
EPSS: Низкий
nvd логотип

CVE-2006-7253

больше 10 лет назад

GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2006-7252

больше 13 лет назад

Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-7251

больше 5 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none

EPSS: Низкий
nvd логотип

CVE-2006-7250

почти 14 лет назад

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-7249

почти 14 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7250, CVE-2012-1410. Reason: this candidate was intended for one issue, but CVE users may have associated it with multiple unrelated issues. Notes: All CVE users should consult CVE-2006-7250 for the OpenSSL candidate or CVE-2012-1410 for the Kadu candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

EPSS: Низкий
nvd логотип

CVE-2006-7248

почти 14 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7250, CVE-2012-1410. Reason: this candidate was intended for one issue, but CVE users may have associated it with multiple unrelated issues. Notes: All CVE users should consult CVE-2006-7250 for the OpenSSL candidate or CVE-2012-1410 for the Kadu candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

EPSS: Низкий
nvd логотип

CVE-2006-7247

больше 13 лет назад

SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-7246

около 6 лет назад

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

CVSS3: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-7245

больше 14 лет назад

Monkey's Audio before 4.01b2 allows remote attackers to cause a denial of service (application crash) via an APX file that lacks NULL termination.

CVSS2: 4.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-0010

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.

CVSS2: 2.1
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2007-0009

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

CVSS2: 6.8
50%
Средний
почти 19 лет назад
nvd логотип
CVE-2007-0008

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

CVSS2: 6.8
17%
Средний
почти 19 лет назад
nvd логотип
CVE-2007-0007

gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.

CVSS2: 3.6
0%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-0006

The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."

CVSS2: 1.9
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2007-0005

Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.

CVSS2: 6.9
0%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-0004

The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.

CVSS2: 1.9
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-0003

pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.

CVSS2: 7.2
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2007-0002

Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.

CVSS2: 9.3
9%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-0001

The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.

CVSS2: 4.7
0%
Низкий
почти 19 лет назад
nvd логотип
CVE-2006-7254

The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.

CVSS3: 5.5
0%
Низкий
почти 7 лет назад
nvd логотип
CVE-2006-7253

GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors.

CVSS2: 10
0%
Низкий
больше 10 лет назад
nvd логотип
CVE-2006-7252

Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte.

CVSS2: 5
0%
Низкий
больше 13 лет назад
nvd логотип
CVE-2006-7251

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none

больше 5 лет назад
nvd логотип
CVE-2006-7250

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.

CVSS2: 5
1%
Низкий
почти 14 лет назад
nvd логотип
CVE-2006-7249

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7250, CVE-2012-1410. Reason: this candidate was intended for one issue, but CVE users may have associated it with multiple unrelated issues. Notes: All CVE users should consult CVE-2006-7250 for the OpenSSL candidate or CVE-2012-1410 for the Kadu candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

почти 14 лет назад
nvd логотип
CVE-2006-7248

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7250, CVE-2012-1410. Reason: this candidate was intended for one issue, but CVE users may have associated it with multiple unrelated issues. Notes: All CVE users should consult CVE-2006-7250 for the OpenSSL candidate or CVE-2012-1410 for the Kadu candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

почти 14 лет назад
nvd логотип
CVE-2006-7247

SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

CVSS2: 7.5
0%
Низкий
больше 13 лет назад
nvd логотип
CVE-2006-7246

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

CVSS3: 6.8
0%
Низкий
около 6 лет назад
nvd логотип
CVE-2006-7245

Monkey's Audio before 4.01b2 allows remote attackers to cause a denial of service (application crash) via an APX file that lacks NULL termination.

CVSS2: 4.3
0%
Низкий
больше 14 лет назад

Уязвимостей на страницу