Vulnerabilities > Trustix > Secure Linux > 2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-02-13 | CVE-2007-0910 | Multiple vulnerability in PHP 5.2.0 and Prior Versions Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. | 10.0 |
| 2007-02-13 | CVE-2007-0909 | Multiple vulnerability in PHP 5.2.0 and Prior Versions Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. | 7.5 |
| 2007-02-13 | CVE-2007-0907 | Multiple vulnerability in PHP 5.2.0 and Prior Versions Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. | 5.0 |
| 2007-02-13 | CVE-2007-0906 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. | 7.5 |
| 2007-02-13 | CVE-2007-0905 | Multiple vulnerability in PHP 5.2.0 and Prior Versions PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. | 7.5 |
| 2005-12-31 | CVE-2005-3626 | Resource Management Errors vulnerability in multiple products Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. network low complexity easy-software-products kde libextractor poppler sgi tetex xpdf conectiva debian gentoo mandrakesoft redhat sco slackware suse trustix turbolinux ubuntu CWE-399 | 5.0 |
| 2005-12-31 | CVE-2005-3625 | Resource Management Errors vulnerability in multiple products Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." network low complexity easy-software-products kde libextractor poppler sgi tetex xpdf conectiva debian gentoo mandrakesoft redhat sco slackware suse trustix turbolinux ubuntu CWE-399 critical | 10.0 |
| 2005-12-31 | CVE-2005-3624 | Numeric Errors vulnerability in multiple products The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. network low complexity easy-software-products kde libextractor poppler sgi tetex xpdf conectiva debian gentoo mandrakesoft redhat sco slackware suse trustix turbolinux ubuntu CWE-189 | 5.0 |
| 2005-06-10 | CVE-2005-1267 | Denial Of Service vulnerability in tcpdump BGP Decoding Routines The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. | 5.0 |
| 2005-05-02 | CVE-2005-0988 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | 3.7 |