Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2008-09-18 CVE-2008-4126 Configuration vulnerability in Debian Python-Dns
PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
network
low complexity
debian CWE-16
6.4
2008-09-18 CVE-2008-4099 Configuration vulnerability in Debian Python-Dns
PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
network
low complexity
debian CWE-16
6.4
2008-09-18 CVE-2008-4098 Link Following vulnerability in multiple products
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory.
network
high complexity
canonical debian mysql oracle CWE-59
4.6
2008-09-11 CVE-2008-3913 Memory Leak vulnerability in multiple products
Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".
network
low complexity
clamav debian CWE-401
5.0
2008-09-11 CVE-2008-3912 Resource Management Errors vulnerability in multiple products
libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.
network
low complexity
clamav debian CWE-399
5.0
2008-09-04 CVE-2008-3930 Link Following vulnerability in Debian Citadel Server 7.37
migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
local
debian CWE-59
6.9
2008-09-04 CVE-2008-3928 Link Following vulnerability in Debian Honeyd Common 1.5
test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file.
local
debian CWE-59
6.9
2008-09-04 CVE-2007-6716 fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.
local
low complexity
linux canonical debian novell opensuse suse
5.5
2008-08-27 CVE-2008-3281 XML Entity Expansion vulnerability in multiple products
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
6.5
2008-08-12 CVE-2008-3275 Classic Buffer Overflow vulnerability in multiple products
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.
local
low complexity
linux debian canonical suse CWE-120
5.5