Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2008-03-19 CVE-2008-0063 Use of Uninitialized Resource vulnerability in multiple products
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
7.5
2008-03-19 CVE-2008-0062 Improper Initialization vulnerability in multiple products
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
network
low complexity
mit debian canonical fedoraproject CWE-665
critical
9.8
2007-07-16 CVE-2007-3798 Unchecked Return Value vulnerability in multiple products
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
network
low complexity
tcpdump canonical debian slackware freebsd apple CWE-252
critical
9.8
2007-06-26 CVE-2007-3409 Uncontrolled Recursion vulnerability in multiple products
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
network
low complexity
net-dns debian canonical CWE-674
7.5
2007-02-16 CVE-2007-0897 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
network
low complexity
clamav apple debian CWE-772
7.5
2006-09-27 CVE-2006-5051 Double Free vulnerability in multiple products
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
network
high complexity
openbsd debian apple CWE-415
8.1
2005-11-27 CVE-2005-3847 Improper Locking vulnerability in multiple products
The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump.
local
low complexity
linux debian CWE-667
5.5
2005-10-21 CVE-2005-3274 NULL Pointer Dereference vulnerability in multiple products
Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.
local
high complexity
linux debian CWE-476
4.7
2005-10-17 CVE-2005-3120 Incorrect Calculation of Buffer Size vulnerability in multiple products
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
network
low complexity
invisible-island debian CWE-131
critical
9.8
2005-09-30 CVE-2005-3106 Improper Locking vulnerability in multiple products
Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.
local
high complexity
linux debian canonical CWE-667
4.7