High

DATE	CVE	VULNERABILITY TITLE	RISK
2008-05-13	CVE-2008-0166	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. network low complexity openssl canonical debian CWE-338	7.5
2008-04-10	CVE-2008-1721	Incorrect Conversion between Numeric Types vulnerability in multiple products Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. network low complexity python debian canonical CWE-681	7.5
2008-03-19	CVE-2008-0063	Use of Uninitialized Resource vulnerability in multiple products The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." network low complexity mit apple opensuse suse debian canonical fedoraproject CWE-908	7.5
2008-01-10	CVE-2008-0226	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. network low complexity yassl mysql oracle apple debian canonical CWE-119	7.5
2007-09-24	CVE-2007-4988	Incorrect Conversion between Numeric Types vulnerability in multiple products Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. local low complexity imagemagick canonical CWE-681	7.8
2007-09-05	CVE-2007-4476	Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." network low complexity gnu debian canonical	7.5
2007-09-04	CVE-2007-4657	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. network low complexity php debian canonical CWE-119	7.5
2007-06-26	CVE-2007-2443	Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. low complexity mit debian canonical	8.3
2007-06-26	CVE-2007-3409	Uncontrolled Recursion vulnerability in multiple products Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. network low complexity net-dns debian canonical CWE-674	7.5
2007-05-14	CVE-2007-2444	Improper Privilege Management vulnerability in multiple products Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. local low complexity samba debian canonical CWE-269	7.2