Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2008-01-18 CVE-2007-6427 Out-Of-Bounds Write vulnerability in multiple products
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
9.3
2008-01-10 CVE-2008-0226 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
network
low complexity
yassl mysql oracle apple debian canonical CWE-119
7.5
2008-01-09 CVE-2007-4772 Resource Management Errors vulnerability in multiple products
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
network
low complexity
postgresql tcl debian canonical CWE-399
4.0
2008-01-04 CVE-2007-6599 Race Condition vulnerability in multiple products
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.
4.3
2008-01-03 CVE-2007-6610 Remote Arbitrary Shell Command Injection vulnerability in Debian UNP 1.0.12
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument.
network
low complexity
debian
critical
10.0
2007-12-18 CVE-2007-6418 Information Exposure vulnerability in Debian Linux
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
local
low complexity
debian CWE-200
2.1
2007-12-04 CVE-2007-6220 Numeric Errors vulnerability in Typespeed
typespeed before 0.6.4 allows remote attackers to cause a denial of service (application crash) via unspecified network behavior that triggers a divide-by-zero error.
network
low complexity
typespeed debian CWE-189
5.0
2007-12-04 CVE-2007-6211 Permissions, Privileges, and Access Controls vulnerability in Sing 1.1
Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option.
local
low complexity
debian sing CWE-264
7.2
2007-11-30 CVE-2007-6170 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
network
low complexity
digium debian CWE-89
6.5
2007-11-07 CVE-2007-5116 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
7.5