CVE-2008-0226
- EPSS 91.6%
- Veröffentlicht 10.01.2008 23:46:00
- Zuletzt bearbeitet 16.06.2026 22:49:10
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yass...
- EPSS 3.84%
- Veröffentlicht 09.01.2008 21:46:00
- Zuletzt bearbeitet 16.06.2026 22:44:45
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted reg...
CVE-2007-6601
- EPSS 1.57%
- Veröffentlicht 09.01.2008 21:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:24
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. N...
CVE-2007-6599
- EPSS 1.66%
- Veröffentlicht 04.01.2008 02:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:24
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the Giv...
CVE-2007-6353
- EPSS 4.87%
- Veröffentlicht 20.12.2007 01:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:53
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
CVE-2007-6418
- EPSS 0.35%
- Veröffentlicht 18.12.2007 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:01
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
CVE-2007-6206
- EPSS 0.43%
- Veröffentlicht 04.12.2007 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:36
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might ...
CVE-2007-6170
- EPSS 2.81%
- Veröffentlicht 30.11.2007 01:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:32
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL ...
CVE-2007-1321
- EPSS 0.47%
- Veröffentlicht 30.10.2007 22:46:00
- Zuletzt bearbeitet 16.06.2026 22:37:21
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" int...
CVE-2007-5729
- EPSS 0.59%
- Veröffentlicht 30.10.2007 22:46:00
- Zuletzt bearbeitet 16.06.2026 22:46:43
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" hea...