Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2004-12-06 CVE-2004-0451 Remote Syslog Format String vulnerability in Sup
Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.
network
low complexity
sup debian
critical
10.0
2004-12-06 CVE-2002-1581 Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via ..
network
low complexity
mailreader-com debian
5.0
2004-11-03 CVE-2004-0911 Unspecified vulnerability in Debian Netkit 0.07/0.17
telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554.
network
low complexity
debian
5.0
2004-11-03 CVE-2004-0836 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).
network
low complexity
oracle debian CWE-119
critical
10.0
2004-11-03 CVE-2004-0835 Local vulnerability in MySQL
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
network
low complexity
mysql oracle debian
7.5
2004-10-20 CVE-2004-0793 Permissions, Privileges, and Access Controls vulnerability in Debian Bsdmainutils
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file.
local
low complexity
debian CWE-264
7.2
2004-10-20 CVE-2004-0772 Double Free vulnerability in multiple products
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
network
low complexity
mit openpkg debian CWE-415
critical
9.8
2004-09-28 CVE-2004-0689 Link Following vulnerability in multiple products
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
local
low complexity
kde debian CWE-59
7.1
2004-09-28 CVE-2004-0643 Double Free vulnerability in multiple products
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
local
low complexity
mit debian redhat CWE-415
4.6
2004-09-28 CVE-2004-0458 NULL Pointer Dereference vulnerability in multiple products
mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.
network
low complexity
nicolas-boullis debian CWE-476
7.5