Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2007-05-16 CVE-2007-2691 MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. 4.9
2007-05-14 CVE-2007-2650 Resource Exhaustion vulnerability in multiple products
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.
4.3
2007-05-14 CVE-2007-2444 Improper Privilege Management vulnerability in multiple products
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.
local
low complexity
samba debian canonical CWE-269
7.2
2007-05-11 CVE-2007-0244 Denial Of Service vulnerability in PopTop PPTP Server GRE Packet
pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued.
network
low complexity
debian poptop
5.0
2007-05-10 CVE-2007-2583 The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
network
low complexity
oracle debian canonical
4.0
2007-05-09 CVE-2007-1864 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
network
low complexity
php debian canonical redhat CWE-119
7.5
2007-05-02 CVE-2007-1366 QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.
local
low complexity
qemu debian
2.1
2007-05-02 CVE-2007-1322 QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.
local
low complexity
qemu debian
2.1
2007-05-02 CVE-2007-1320 Out-Of-Bounds Write vulnerability in multiple products
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
local
low complexity
qemu fedoraproject opensuse debian CWE-787
7.2
2007-04-30 CVE-2007-2029 Resource Management Errors vulnerability in Clam Anti-Virus Clamav 0.84Rc2
File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.
network
low complexity
debian clam-anti-virus CWE-399
7.8