Input Validation に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。
直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。
2007 年に公開され、Input Validation に分類される CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2007-6596 | ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. | 5.0 | 0.31% | 2007-12-31 | 2026-04-23 |
| CVE-2007-6573 | QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551. | 7.8 | 0.67% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6558 | TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. NOTE: this might be a duplicate of CVE-2006-6288. | 4.3 | 12.57% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6534 | Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. | 6.8 | 20.83% | 2007-12-27 | 2026-04-23 |
| CVE-2007-6527 | uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type. | 5.8 | 0.31% | 2007-12-27 | 2026-04-23 |
| CVE-2007-6509 | Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp. | 7.8 | 75.53% | 2007-12-21 | 2026-04-23 |
| CVE-2007-4567 | The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. | 7.8 | 5.05% | 2007-12-21 | 2026-04-23 |
| CVE-2007-6494 | Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters. | 10.0 | 2.30% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6493 | The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method. | 10.0 | 8.08% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6492 | The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method. | 7.1 | 0.64% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6488 | Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php. | 6.8 | 5.81% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6242 | Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." | 6.8 | 45.77% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6449 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6121. Reason: This candidate is a duplicate of CVE-2007-6121. Notes: All CVE users should reference CVE-2007-6121 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.69% | 2007-12-19 | 2023-11-07 |
| CVE-2007-6448 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6120. Reason: This candidate is a duplicate of CVE-2007-6120. Notes: All CVE users should reference CVE-2007-6120 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.17% | 2007-12-19 | 2023-11-07 |
| CVE-2007-6445 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6117. Reason: This candidate is a duplicate of CVE-2007-6117. Notes: All CVE users should reference CVE-2007-6117 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.69% | 2007-12-19 | 2023-11-07 |
| CVE-2007-6444 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6113. Reason: This candidate is a duplicate of CVE-2007-6113, Notes: All CVE users should reference CVE-2007-6113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.69% | 2007-12-19 | 2023-11-07 |
| CVE-2007-6437 | Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference. | 5.0 | 5.79% | 2007-12-19 | 2026-04-23 |
| CVE-2007-6433 | The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. | 7.5 | 2.43% | 2007-12-18 | 2026-04-23 |
| CVE-2007-6372 | Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. | 7.8 | 2.91% | 2007-12-15 | 2026-04-23 |
| CVE-2007-6371 | Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session. | 7.1 | 0.59% | 2007-12-15 | 2026-04-23 |