High

DATE	CVE	VULNERABILITY TITLE	RISK
2008-05-13	CVE-2008-0166	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. network low complexity openssl canonical debian CWE-338	7.5
2008-04-10	CVE-2008-1721	Incorrect Conversion between Numeric Types vulnerability in multiple products Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. network low complexity python debian canonical CWE-681	7.5
2008-03-19	CVE-2008-0063	Use of Uninitialized Resource vulnerability in multiple products The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." network low complexity mit apple opensuse suse debian canonical fedoraproject CWE-908	7.5
2008-03-04	CVE-2008-0930	Link Following vulnerability in Freshmeat Xwine 1.0.1 w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. local low complexity debian freshmeat CWE-59	7.2
2008-02-25	CVE-2008-0932	Improper Input Validation vulnerability in the Sword Project Diatheke Front END and Sword diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter. network low complexity debian redhat the-sword-project CWE-20	7.5
2008-02-22	CVE-2008-0162	Permissions, Privileges, and Access Controls vulnerability in SAM Lantinga Splitvt misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges. local low complexity debian sam-lantinga CWE-264	7.2
2008-01-25	CVE-2007-6415	Code Injection vulnerability in Debian Linux 3.1/4.0 scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options. network low complexity debian CWE-94	8.5
2008-01-10	CVE-2008-0226	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. network low complexity yassl mysql oracle apple debian canonical CWE-119	7.5
2007-12-04	CVE-2007-6211	Permissions, Privileges, and Access Controls vulnerability in Sing 1.1 Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. local low complexity debian sing CWE-264	7.2
2007-11-07	CVE-2007-5116	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. network low complexity debian mandrakesoft redhat rpath larry-wall openpkg CWE-119	7.5