Vulnerabilities > Canonical > Ubuntu Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-03-06 | CVE-2007-1285 | Uncontrolled Recursion vulnerability in multiple products The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. | 7.5 |
| 2007-01-30 | CVE-2007-0455 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. | 7.5 |
| 2006-11-07 | CVE-2006-5779 | Reachable Assertion vulnerability in multiple products OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. | 7.5 |
| 2006-10-10 | CVE-2006-4997 | Use After Free vulnerability in multiple products The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference). | 7.5 |
| 2006-10-05 | CVE-2006-5158 | Improper Locking vulnerability in multiple products The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock. | 7.5 |
| 2006-09-06 | CVE-2006-4095 | Reachable Assertion vulnerability in multiple products BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. | 7.5 |
| 2006-05-09 | CVE-2006-2275 | Improper Locking vulnerability in multiple products Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer." | 7.5 |
| 2006-04-14 | CVE-2006-1727 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview". | 7.6 |
| 2005-12-31 | CVE-2005-4808 | Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. | 7.6 |
| 2005-12-31 | CVE-2005-4807 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. | 7.5 |