Vulnerabilities > Debian

DATE | CVE | VULNERABILITY TITLE | RISK SCORE

2008-05-13 | CVE-2008-0166 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products | 7.5
  OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
  Attack vector: network; attack complexity: low; products: openssl, canonical, debian; weakness: CWE-338

2008-05-07 | CVE-2008-2108 | Insufficient Entropy vulnerability in multiple products | 9.8 (critical)
  The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
  Attack vector: network; attack complexity: low; products: php, fedoraproject, canonical, debian; weakness: CWE-331

2008-05-05 | CVE-2008-2079 | Permissions, Privileges, and Access Controls vulnerability in multiple products | 4.6
  MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
  Attack vector: network; attack complexity: high; products: mysql, oracle, debian, canonical; weakness: CWE-264

2008-05-02 | CVE-2008-1375 | Race Condition vulnerability in multiple products | 6.9
  Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.

2008-04-22 | CVE-2008-1902 | Remote Security vulnerability in Aptlinex | 5.0
  The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL.
  Attack vector: network; attack complexity: low; products: debian

2008-04-22 | CVE-2008-1901 | Link Following vulnerability in Debian Aptlinex | 7.2
  aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file.
  Attack vector: local; attack complexity: low; products: debian; weakness: CWE-59

2008-04-18 | CVE-2008-1887 | Classic Buffer Overflow vulnerability in multiple products | 9.3 (critical)
  Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
  Attack vector: network; products: python, canonical, debian; weakness: CWE-120

2008-04-17 | CVE-2008-1877 | Permissions, Privileges, and Access Controls vulnerability in Debian TSS 0.8.1/0.8.2/0.8.3 | 2.1
  tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges.
  Attack vector: local; attack complexity: low; products: debian; weakness: CWE-264

2008-04-10 | CVE-2008-1721 | Incorrect Conversion between Numeric Types vulnerability in multiple products | 7.5
  Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
  Attack vector: network; attack complexity: low; products: python, debian, canonical; weakness: CWE-681

2008-03-31 | CVE-2008-1569 | Link Following vulnerability in Policyd-Weight | 3.3
  policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.