Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2005-05-11 CVE-2005-1513 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
network
low complexity
qmail-project canonical debian CWE-190
critical
9.8
2005-05-02 CVE-2005-1111 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
local
high complexity
gnu debian canonical CWE-367
4.7
2005-01-24 CVE-2005-0102 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.
network
low complexity
gnome debian CWE-190
critical
9.8
2004-10-20 CVE-2004-0772 Double Free vulnerability in multiple products
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
network
low complexity
mit openpkg debian CWE-415
critical
9.8
2004-09-28 CVE-2004-0689 Link Following vulnerability in multiple products
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
local
low complexity
kde debian CWE-59
7.1
2004-09-28 CVE-2004-0458 NULL Pointer Dereference vulnerability in multiple products
mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.
network
low complexity
nicolas-boullis debian CWE-476
7.5
2004-07-07 CVE-2004-0434 Incorrect Calculation of Buffer Size vulnerability in multiple products
k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.
network
low complexity
heimdal-project debian CWE-131
critical
9.8
2002-12-26 CVE-2002-1372 Unchecked Return Value vulnerability in multiple products
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.
network
low complexity
apple debian CWE-252
7.5
2002-06-18 CVE-2002-0401 NULL Pointer Dereference vulnerability in multiple products
SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.
network
low complexity
ethereal debian CWE-476
7.5
2002-05-16 CVE-2002-0184 Incorrect Calculation of Buffer Size vulnerability in multiple products
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
local
low complexity
sudo-project debian CWE-131
7.8