Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2003-03-03 CVE-2003-0098 Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.
network
low complexity
apcupsd debian
critical
10.0
2002-11-04 CVE-2002-1235 Remote Buffer Overflow vulnerability in Multiple Vendor kadmind
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
network
low complexity
kth mit debian
critical
10.0
2001-08-14 CVE-2001-0554 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
network
low complexity
netkit mit sgi freebsd ibm netbsd openbsd sun debian CWE-120
critical
10.0
2001-03-26 CVE-2001-0233 Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.
network
low complexity
matthew-smith debian redhat
critical
10.0
2000-11-14 CVE-2000-0844 Permissions, Privileges, and Access Controls vulnerability in multiple products
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
10.0
2000-07-16 CVE-2000-0666 Remote Format String vulnerability in Multiple Linux Vendor rpc.statd
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
network
low complexity
conectiva debian redhat suse trustix
critical
10.0
2000-07-02 CVE-2000-0584 Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.
network
low complexity
debian freebsd
critical
10.0
2000-01-08 CVE-2000-1221 The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.
network
low complexity
sgi debian redhat
critical
10.0
1999-06-12 CVE-1999-0730 Unspecified vulnerability in Debian Linux 4.0
The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.
network
low complexity
debian
critical
10.0
1999-02-09 CVE-1999-0368 Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. 10.0