CVE-2007-5969 (Medium) :
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit
DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite
system table information and gain privileges via a RENAME TABLE statement that changes the
symlink to point to an existing file.
CVE-2007-6303 (Low) :
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the
DEFINER value of a view when the view is altered, which allows remote authenticated users to
gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW
statement and an ALTER VIEW statement.
CVE-2007-6304 (Medium) :
The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4,
when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a
denial of service (federated handler crash and daemon crash) via a response that lacks the
minimum required number of columns.
CVE-2007-1659 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent
attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex
patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
CVE-2007-1660 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly calculate sizes
for unspecified "multiple forms of character class", which triggers a buffer overflow that allows
context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary
code.
CVE-2007-1661 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching
certain input bytes against some regex patterns in non-UTF-8 mode, which allows
context-dependent attackers to obtain sensitive information or cause a denial of service (crash),
as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
CVE-2007-1662 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string
when searching for unmatched brackets and parentheses, which allows context-dependent
attackers to cause a denial of service (crash), possibly involving forward references.
CVE-2007-4766 (High) :
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow
context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via
unspecified escape (backslash) sequences.
CVE-2007-4767 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the
length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows
context-dependent attackers to cause a denial of service (infinite loop or crash) or execute
arbitrary code.
CVE-2007-4768 (Medium) :
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3
allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence
in a character class in a regex pattern, which is incorrectly optimized.
CVE-2007-6239 (MEDIUM-Network exploitable) :
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid
3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to
HTTP headers and an Array memory leak during requests for cached objects.
CVE-2008-0553 (HIGH-Network exploitable) :
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1
allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to
CVE-2006-4484.
CVE-2007-5965 (Medium - Network exploitable, Victim must voluntarily interact with attack mechanism) :
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which
might make it easier for remote attackers to trick a user into accepting an invalid server
certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a
user.
CVE-2007-3388 (Medium) :
Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3)
qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7)
qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to
execute arbitrary code via format string specifiers in text used to compose an error message.
CVE-2007-4137 (High) :
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows
context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string
that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the
QUtf8Codec::convertToUnicode function, but it is not exploitable.