CVE-2008-1887
- EPSS 6.29%
- Veröffentlicht 18.04.2008 17:05:00
- Zuletzt bearbeitet 16.06.2026 22:52:41
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when asse...
CVE-2008-1721
- EPSS 22.62%
- Veröffentlicht 10.04.2008 19:05:00
- Zuletzt bearbeitet 16.06.2026 22:52:21
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
CVE-2008-1567
- EPSS 0.3%
- Veröffentlicht 31.03.2008 22:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:59
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
CVE-2008-1531
- EPSS 3.37%
- Veröffentlicht 27.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:55
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a...
CVE-2008-0062
- EPSS 10.14%
- Veröffentlicht 19.03.2008 10:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:51
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer derefe...
CVE-2008-0063
- EPSS 3.48%
- Veröffentlicht 19.03.2008 10:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:51
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
CVE-2008-0888
- EPSS 6.29%
- Veröffentlicht 17.03.2008 21:44:00
- Zuletzt bearbeitet 16.06.2026 22:50:32
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a ...
CVE-2007-6415
- EPSS 3.67%
- Veröffentlicht 25.01.2008 00:00:00
- Zuletzt bearbeitet 16.06.2026 22:48:01
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.
CVE-2007-6427
- EPSS 4.28%
- Veröffentlicht 18.01.2008 23:00:00
- Zuletzt bearbeitet 16.06.2026 22:48:03
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
- EPSS 2.57%
- Veröffentlicht 12.01.2008 02:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:44
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.