Security Vulnerabilities, CVEs, Published In May 2007 (Denial of service)
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
Max CVSS
10.0
EPSS Score
6.41%
Published
2007-05-31
Updated
2018-10-16
Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
Max CVSS
7.5
EPSS Score
16.90%
Published
2007-05-31
Updated
2018-10-16
The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.
Max CVSS
5.0
EPSS Score
11.70%
Published
2007-05-31
Updated
2017-07-29
Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.
Max CVSS
10.0
EPSS Score
21.73%
Published
2007-05-31
Updated
2017-10-11
Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method.
Max CVSS
5.0
EPSS Score
0.26%
Published
2007-05-30
Updated
2008-11-13
Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
Max CVSS
5.0
EPSS Score
39.64%
Published
2007-05-30
Updated
2017-07-29
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.
Max CVSS
7.5
EPSS Score
86.40%
Published
2007-05-30
Updated
2017-07-29
Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports.
Max CVSS
4.3
EPSS Score
1.52%
Published
2007-05-30
Updated
2017-07-29
The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-05-30
Updated
2020-05-19
Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors.
Max CVSS
5.0
EPSS Score
4.51%
Published
2007-05-30
Updated
2017-07-29
The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument.
Max CVSS
4.3
EPSS Score
1.04%
Published
2007-05-30
Updated
2008-11-15
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
Max CVSS
9.3
EPSS Score
14.46%
Published
2007-05-30
Updated
2017-10-11
Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
Max CVSS
5.0
EPSS Score
5.73%
Published
2007-05-30
Updated
2018-10-30
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-05-29
Updated
2017-10-11
Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.
Max CVSS
10.0
EPSS Score
0.14%
Published
2007-05-24
Updated
2018-10-16
The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.
Max CVSS
5.0
EPSS Score
8.71%
Published
2007-05-24
Updated
2018-10-16
The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference.
Max CVSS
5.0
EPSS Score
7.86%
Published
2007-05-24
Updated
2018-10-16
Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session.
Max CVSS
7.8
EPSS Score
4.93%
Published
2007-05-22
Updated
2017-10-11
The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.
Max CVSS
4.3
EPSS Score
1.71%
Published
2007-05-22
Updated
2019-08-01
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.
Max CVSS
6.8
EPSS Score
55.90%
Published
2007-05-22
Updated
2019-08-01
Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client.
Max CVSS
5.0
EPSS Score
3.13%
Published
2007-05-21
Updated
2017-07-29
Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications.
Max CVSS
7.8
EPSS Score
4.59%
Published
2007-05-21
Updated
2017-07-29
(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.
Max CVSS
7.8
EPSS Score
25.76%
Published
2007-05-21
Updated
2018-10-16
blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301.
Max CVSS
6.8
EPSS Score
0.78%
Published
2007-05-18
Updated
2017-07-29
The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.65%
Published
2007-05-18
Updated
2019-08-14