Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-05-13 | CVE-2008-0166 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products: OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. | 7.5 |
2008-05-07 | CVE-2008-2108 | Insufficient Entropy vulnerability in multiple products: The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. | 9.8 |
2008-05-05 | CVE-2008-2079 | Permissions, Privileges, and Access Controls vulnerability in multiple products: MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. | 4.6 |
2008-05-02 | CVE-2008-1375 | Race Condition vulnerability in multiple products: Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. | 6.9 |
2008-04-22 | CVE-2008-1902 | Remote Security vulnerability in Aptlinex: The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL. | 5.0 |
2008-04-22 | CVE-2008-1901 | Link Following vulnerability in Debian Aptlinex: aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file. | 7.2 |
2008-04-18 | CVE-2008-1887 | Classic Buffer Overflow vulnerability in multiple products: Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. | 9.3 |
2008-04-17 | CVE-2008-1877 | Permissions, Privileges, and Access Controls vulnerability in Debian TSS 0.8.1/0.8.2/0.8.3: tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges. | 2.1 |
2008-04-10 | CVE-2008-1721 | Incorrect Conversion between Numeric Types vulnerability in multiple products: Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. | 7.5 |
2008-03-31 | CVE-2008-1569 | Link Following vulnerability in Policyd-Weight: policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket. | 3.3 |