Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2007-10-04 CVE-2007-5193 Information Disclosure vulnerability in Twiki 4.1.2
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied.
network
low complexity
debian twiki
5.0
2007-09-18 CVE-2007-2834 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
network
apache sun debian canonical CWE-190
critical
9.3
2007-09-10 CVE-2007-3912 Improper Input Validation vulnerability in Debian Debian-Goodies 0.27/0.33
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
local
low complexity
debian CWE-20
7.2
2007-09-05 CVE-2007-4476 Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
network
low complexity
gnu debian canonical
7.5
2007-09-04 CVE-2007-4657 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read.
network
low complexity
php debian canonical CWE-119
7.5
2007-09-04 CVE-2007-3998 Improper Input Validation vulnerability in multiple products
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
network
low complexity
php debian canonical CWE-20
5.0
2007-08-27 CVE-2007-2797 Unspecified vulnerability in Xterm 1927.El4/2083.1
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
local
low complexity
redhat xterm debian
2.1
2007-07-16 CVE-2007-3798 Unchecked Return Value vulnerability in multiple products
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
network
low complexity
tcpdump canonical debian slackware freebsd apple CWE-252
critical
9.8
2007-07-05 CVE-2007-2839 Local Arbitrary Command Execution vulnerability in Debian Gfax 0.4.2
gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.
local
low complexity
debian
7.2
2007-07-03 CVE-2007-2837 Unspecified vulnerability in Fireflier 1.1.6
The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.
local
low complexity
debian fireflier
3.6