CVE-2007-2650

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

Publication date: Tue, 15 May 2007 02:19:00 +0000

Cyber News related to CVE-2007-2650

CVE-2014-2984 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2650. Reason: This candidate is a reservation duplicate of CVE-2014-2650. Notes: All CVE users should reference CVE-2014-2650 instead of this candidate. All references and ...
54 years ago Tenable.com

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago

CVE-2007-2650 - The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as ...
4 years ago

ICONICS and Mitsubishi Electric Products - RISK EVALUATION. Successful exploitation of these vulnerabilities could result in denial of service, improper privilege management, or potentially remote code execution. A denial-of-service vulnerability due to an allocation of resources without ...
4 months ago Cisa.gov

CVE-2016-0462 - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Multichannel Framework, a different ...
8 years ago

CVE-2004-2650 - Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak. ...
16 years ago

CVE-2005-2650 - Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters. ...
16 years ago

CVE-2006-2650 - SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter. ...
7 years ago

CVE-2011-2650 - Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display. ...
7 years ago

CVE-2009-2650 - Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file. ...
7 years ago

CVE-2015-2650 - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Multichannel Framework. ...
7 years ago

CVE-2008-2650 - Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be ...
7 years ago

CVE-2018-2650 - Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged ...
5 years ago

CVE-2010-2707 - Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. Per: http://secunia.com/advisories/40865 ...
5 years ago

CVE-2017-2650 - It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins. ...
5 years ago

CVE-2014-2650 - Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface ...
4 years ago

CVE-2010-2650 - Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs." ...
4 years ago

CVE-2019-2650 - Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows ...
4 years ago

CVE-2022-2650 - Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2. ...
1 year ago

CVE-2016-2650 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none ...
54 years ago Tenable.com

CVE-2024-2650 - The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up ...
7 months ago Tenable.com

CVE-2020-2650 - Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated ...
2 years ago

CVE-2023-2650 - Issue summary: Processing some specially crafted ASN.1 object identifiers or ...
9 months ago

CVE-2013-6078 - The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to ...
10 years ago

CVE-2011-1892 - Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management ...
6 years ago

Latest Cyber News

CVE-2024-11032 - 20 hours ago
CVE-2024-11680 - 20 hours ago
CVE-2024-9170 - 21 hours ago
CVE-2018-11952 - 21 hours ago
CVE-2024-11091 - 21 hours ago
CVE-2024-11119 - 21 hours ago
CVE-2024-11192 - 21 hours ago
CVE-2016-10394 - 21 hours ago
CVE-2017-11076 - 21 hours ago
CVE-2017-15832 - 21 hours ago
CVE-2017-17772 - 21 hours ago
CVE-2017-18153 - 21 hours ago
CVE-2018-11922 - 21 hours ago
CVE-2024-8772 - 22 hours ago
CVE-2024-9504 - 22 hours ago
CVE-2024-47257 - 22 hours ago
CVE-2024-6831 - 22 hours ago
CVE-2024-8160 - 22 hours ago
CVE-2024-34162 - 22 hours ago
CVE-2024-35244 - 22 hours ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-11296 - 4 days ago
CVE-2024-11298 - 4 days ago
CVE-2023-7299 - 3 days ago
CVE-2024-53915 - 2 days ago
CVE-2024-11647 - 2 days ago
CVE-2024-11651 - 2 days ago
CVE-2024-11653 - 2 days ago
CVE-2020-11311 - 2 days ago
CVE-2024-10709 - 2 days ago
CVE-2024-7056 - 2 days ago
CVE-2024-11659 - 1 day ago
CVE-2024-11662 - 1 day ago
CVE-2021-23282 - 1 day ago
CVE-2022-33861 - 1 day ago
CVE-2020-12491 - 1 day ago
CVE-2020-12492 - 1 day ago
CVE-2024-11403 - 1 day ago
CVE-2024-11498 - 1 day ago
CVE-2024-27134 - 1 day ago
CVE-2024-11670 - 1 day ago