Export limit exceeded: 351412 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 16384 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (16384 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2027 | 2 Elinks, Redhat | 2 Elinks, Enterprise Linux | 2026-04-23 | N/A |
| Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks. | ||||
| CVE-2007-2028 | 2 Freeradius, Redhat | 2 Freeradius, Enterprise Linux | 2026-04-23 | N/A |
| Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. | ||||
| CVE-2007-2030 | 1 Redhat | 2 Enterprise Linux, Fedora Core | 2026-04-23 | N/A |
| lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. | ||||
| CVE-2007-2052 | 2 Python, Redhat | 3 Python, Enterprise Linux, Network Satellite | 2026-04-23 | N/A |
| Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. | ||||
| CVE-2007-2138 | 4 Canonical, Debian, Postgresql and 1 more | 5 Ubuntu Linux, Debian Linux, Postgresql and 2 more | 2026-04-23 | N/A |
| Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." | ||||
| CVE-2007-2172 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2026-04-23 | N/A |
| A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions. | ||||
| CVE-2007-2231 | 2 Dovecot, Redhat | 2 Dovecot, Enterprise Linux | 2026-04-23 | N/A |
| Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name. | ||||
| CVE-2007-2242 | 5 Freebsd, Ietf, Netbsd and 2 more | 5 Freebsd, Ipv6, Netbsd and 2 more | 2026-04-23 | N/A |
| The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. | ||||
| CVE-2007-2292 | 3 Microsoft, Mozilla, Redhat | 4 Internet Explorer, Firefox, Seamonkey and 1 more | 2026-04-23 | N/A |
| CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. | ||||
| CVE-2007-2348 | 2 Alexander V. Lukyanov, Redhat | 2 Lftp, Enterprise Linux | 2026-04-23 | N/A |
| mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files. | ||||
| CVE-2007-2356 | 2 Gimp, Redhat | 2 Gimp, Enterprise Linux | 2026-04-23 | N/A |
| Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file. | ||||
| CVE-2007-2438 | 3 Foresight Linux, Redhat, Vim Development Group | 3 Foresight Linux, Enterprise Linux, Vim | 2026-04-23 | N/A |
| The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | ||||
| CVE-2007-2442 | 4 Canonical, Debian, Mit and 1 more | 4 Ubuntu Linux, Debian Linux, Kerberos 5 and 1 more | 2026-04-23 | N/A |
| The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup. | ||||
| CVE-2007-2443 | 4 Canonical, Debian, Mit and 1 more | 4 Ubuntu Linux, Debian Linux, Kerberos 5 and 1 more | 2026-04-23 | N/A |
| Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. | ||||
| CVE-2007-2445 | 3 Linux, Png Reference Library, Redhat | 3 Linux Kernel, Libpng, Enterprise Linux | 2026-04-23 | N/A |
| The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. | ||||
| CVE-2007-2446 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). | ||||
| CVE-2007-2447 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2026-04-23 | N/A |
| The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. | ||||
| CVE-2007-2448 | 2 Redhat, Subversion | 2 Enterprise Linux, Subversion | 2026-04-23 | N/A |
| Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit. | ||||
| CVE-2007-2449 | 2 Apache, Redhat | 4 Tomcat, Enterprise Linux, Network Satellite and 1 more | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. | ||||
| CVE-2007-5135 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2026-04-23 | N/A |
| Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. | ||||