CVE-2008-0062
- EPSS 10.14%
- Veröffentlicht 19.03.2008 10:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:51
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer derefe...
CVE-2008-0063
- EPSS 3.48%
- Veröffentlicht 19.03.2008 10:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:51
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
CVE-2008-0888
- EPSS 6.29%
- Veröffentlicht 17.03.2008 21:44:00
- Zuletzt bearbeitet 16.06.2026 22:50:32
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a ...
CVE-2008-1195
- EPSS 5.68%
- Veröffentlicht 06.03.2008 21:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:12
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via uns...
CVE-2007-6427
- EPSS 4.28%
- Veröffentlicht 18.01.2008 23:00:00
- Zuletzt bearbeitet 16.06.2026 22:48:03
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
CVE-2007-6420
- EPSS 9.11%
- Veröffentlicht 12.01.2008 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:01
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
CVE-2008-0005
- EPSS 14.61%
- Veröffentlicht 12.01.2008 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:44
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
CVE-2008-0226
- EPSS 91.6%
- Veröffentlicht 10.01.2008 23:46:00
- Zuletzt bearbeitet 16.06.2026 22:49:10
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yass...
- EPSS 3.84%
- Veröffentlicht 09.01.2008 21:46:00
- Zuletzt bearbeitet 16.06.2026 22:44:45
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted reg...
CVE-2007-6353
- EPSS 4.87%
- Veröffentlicht 20.12.2007 01:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:53
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.