Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2010-02-02 CVE-2009-4013 Path Traversal vulnerability in multiple products
Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.
network
low complexity
debian canonical CWE-22
critical
9.8

2010-01-12 CVE-2009-4538 Remote Security Bypass vulnerability in Linux Kernel
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
network
low complexity
linux debian
critical
10.0

2009-09-04 CVE-2009-2946 Unspecified vulnerability in Devscripts Devel Team Devscripts
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.
network
devscripts-devel-team debian
critical
9.3

2009-04-21 CVE-2009-1358 Unspecified vulnerability in Debian Advanced Package Tool and APT
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
network
low complexity
debian
critical
10.0

2009-04-16 CVE-2009-1300 Improper Input Validation vulnerability in Debian Advanced Package Tool 0.7.20
apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.
network
low complexity
debian CWE-20
critical
10.0

2009-03-26 CVE-2009-1151 Code Injection vulnerability in multiple products
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
network
low complexity
phpmyadmin debian CWE-94
critical
9.8

2009-01-02 CVE-2006-7236 Configuration vulnerability in Invisible-Island Xterm NIL
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
9.3

2008-12-17 CVE-2008-5500 Resource Management Errors vulnerability in multiple products
The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
network
low complexity
mozilla canonical debian CWE-399
critical
10.0

2008-11-13 CVE-2008-5018 Resource Management Errors vulnerability in multiple products
The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
network
low complexity
mozilla debian canonical CWE-399
critical
10.0

2008-11-13 CVE-2008-5017 Numeric Errors vulnerability in multiple products
Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.
network
low complexity
mozilla debian canonical CWE-189
critical
10.0