CVE-2007-1285
- EPSS 18.16%
- Veröffentlicht 06.03.2007 20:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:17
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
CVE-2007-0009
- EPSS 50.36%
- Veröffentlicht 26.02.2007 20:28:00
- Zuletzt bearbeitet 16.06.2026 22:34:41
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System ser...
CVE-2007-0778
- EPSS 3.12%
- Veröffentlicht 26.02.2007 20:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:16
The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive i...
CVE-2007-0780
- EPSS 2.49%
- Veröffentlicht 26.02.2007 20:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:16
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked...
CVE-2007-0777
- EPSS 7.56%
- Veröffentlicht 26.02.2007 19:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:16
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vect...
CVE-2007-0988
- EPSS 2.31%
- Veröffentlicht 20.02.2007 17:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:42
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only caus...
- EPSS 11.75%
- Veröffentlicht 13.02.2007 23:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:31
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element ...
CVE-2007-0455
- EPSS 11.69%
- Veröffentlicht 30.01.2007 17:28:00
- Zuletzt bearbeitet 16.06.2026 22:35:36
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded...
CVE-2006-6143
- EPSS 7.93%
- Veröffentlicht 31.12.2006 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:32:33
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attacke...
CVE-2006-7232
- EPSS 1.97%
- Veröffentlicht 31.12.2006 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:34:37
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.