Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2008-03-19 CVE-2008-0062 Improper Initialization vulnerability in multiple products
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
network
low complexity
mit debian canonical fedoraproject CWE-665
critical
9.8
2007-09-24 CVE-2007-4988 Incorrect Conversion between Numeric Types vulnerability in multiple products
Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.
local
low complexity
imagemagick canonical CWE-681
7.8
2007-07-16 CVE-2007-3798 Unchecked Return Value vulnerability in multiple products
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
network
low complexity
tcpdump canonical debian slackware freebsd apple CWE-252
critical
9.8
2007-06-26 CVE-2007-3409 Uncontrolled Recursion vulnerability in multiple products
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
network
low complexity
net-dns debian canonical CWE-674
7.5
2007-03-06 CVE-2007-1285 Uncontrolled Recursion vulnerability in multiple products
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
network
low complexity
php canonical novell suse redhat CWE-674
7.5
2006-12-29 CVE-2006-6811 Reachable Assertion vulnerability in multiple products
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference.
network
low complexity
kde canonical CWE-617
6.5
2006-11-07 CVE-2006-5779 Reachable Assertion vulnerability in multiple products
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
network
low complexity
openldap canonical CWE-617
7.5
2006-10-10 CVE-2006-4997 Use After Free vulnerability in multiple products
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
network
low complexity
linux canonical redhat CWE-416
7.5
2006-10-05 CVE-2006-5158 Improper Locking vulnerability in multiple products
The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.
network
low complexity
linux redhat canonical CWE-667
7.5
2006-09-06 CVE-2006-4095 Reachable Assertion vulnerability in multiple products
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
network
low complexity
isc canonical apple CWE-617
7.5